10-05-2011 10:57 AM - edited 03-07-2019 02:37 AM
I have a lot of work to do to get snooping working. One question that I have is;
If I am working on a network of say 10 2960G switches ( 1 primary or distribution switch and 9 secondary or access switches) and I have ports in a given vlan lets say vlan 195. These ports are on the primary switch as well as access layer switches 8 & 9. they do not exist on any other switches in between.
Do I have to add the statement ip dhcp snooping vlan 195 to those switches in this network that do not have any ports in vlan 195? Or can I simply add the command on the primary switch and the access layer 8 & 9?
Thanks in advance for your effort in this regard
Mike Mott
10-05-2011 11:12 AM
Hi Mike,
You should be fine enabling DHCP Snooping on your primary switch and access switches 8 and 9. If you start assigning ports with VLAN 195 on different switches you need to enable DHCP Snooping on those switches.
The One Thing to Always Remember with DHCP Snooping!
Very Important!
HTH,
//Elyinn.-
10-05-2011 11:34 AM
Could you clarify the following comments for me.
The only thing that I understand regarding the binding table is that once snooping is configured down to the access switch level. I can use show ip dhcp snooping binding to see if users are getting ip's or not. My configurations look something like this;
CORE
globally= nothing here
int Vlan 195= ip dhcp relay information trusted
DISTRIBUTION
globally
ip dhcp snooping vlan 195
ip dhcp snooping information option allow-untrusted
ip dhcp snooping
int g0/48 (uplink trunk) ip dhcp snooping trust
ACCESS
globally
ip dhcp snooping vlan 195
ip dhcp snooping
once configured I would use sho ip dhcp snooping
to verify configuration, and then show ip dhcp snooping binding
to ensure that users are getting ip' s
Thank You again for your attention to this issue.
Mike
10-05-2011 11:44 AM
Hi Mike,
Check the following link: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/18ew/configuration/guide/dhcp.html
HTH,
//Elyinn.-
10-05-2011 11:25 AM
Hi,
You can enable it on the distribution switch only.Just make sure the the port(s) going to dhcp server(s) are trusted ports by enabling ip dhcp snooping trust command under the interface(s).All this of course is the DHCP server(s) are accessible via the distribution switch, if the switch is also the DHCP server so no need for last command.
just take care also if your DHCP server is IOS related to disable option 82 if your switch is also a dhcp relay by issuing following command:
no ip dhcp snooping information option
Regards.
Alain.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide