DHCP Snooping and moving between VLANs

Unanswered Question
Jul 31st, 2007


We have recently configured DHCP snooping and DAI. Seems to work okay however if I try to move to another VLAN and lease an IP address it fails with a %SW_DAI-4-DHCP_SNOOPING_DENY.

I am new to DHCP snooping however my understanding is that by moving to another VLAN (same switch), the switch would see the new DHCP lease and update the binding accordingly.

Not sure if it is my understanding of DHCP Snooping that is incorrect or whether there is a misconfiguration somewhere. Thanks in advance for any suggestions.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jens Becker Wed, 08/01/2007 - 00:57

DHCP-Snooping is a security feature in Catalyst Switches. It filters untrusted dhcp-messages and protects clients from peering up with an unauthorized DHCP server.

Config example:

Turn on snooping (global command)

Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan [name]

Port-Configuration of DHCP server

Switch(config)# interface GigabitEthernet x/x

Switch(config-if)# ip dhcp snooping trust

Switch(config-if)# ip dhcp snooping limit rate 100


This Discussion