DHCP Snooping and moving between VLANs

david.porter
Level 1

Hi,

We have recently configured DHCP snooping and DAI. Seems to work okay; however, if I try to move to another VLAN and lease an IP address, it fails with a %SW_DAI-4-DHCP_SNOOPING_DENY.

I am new to DHCP snooping; however, my understanding is that by moving to another VLAN (same switch), the switch would see the new DHCP lease and update the binding accordingly.

Not sure if it is my understanding of DHCP Snooping that is incorrect or whether there is a misconfiguration somewhere. Thanks in advance for any suggestions.

1 Reply

Jens Becker
Level 1

DHCP snooping is a security feature in Catalyst switches. It filters untrusted DHCP messages and protects clients from peering up with an unauthorized DHCP server.

Config example:

Turn on snooping (global command)

Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan [vlan-id]

Port-Configuration of DHCP server

Switch(config)# interface GigabitEthernet x/x
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip dhcp snooping limit rate 100
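DAI validates each ARP packet against the DHCP snooping binding table, so a %SW_DAI-4-DHCP_SNOOPING_DENY line can be explained by looking up its sender MAC, IP and VLAN in the output of `show ip dhcp snooping binding`. The following is an added example, not code from either poster or from Cisco; the sample table and log lines are constructed, and their formats are assumed to follow typical Catalyst IOS output.

```python
import re

# Constructed sample data; formats assumed to follow typical Catalyst IOS output.
BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:55   10.0.10.5        85000       dhcp-snooping   10    GigabitEthernet1/0/1
00:AA:BB:CC:DD:EE   10.0.20.7        86000       dhcp-snooping   20    GigabitEthernet1/0/2
"""
LOGS = """\
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/1, vlan 20.([0011.2233.4455/10.0.20.9/0000.0000.0000/10.0.20.1/09:15:02 UTC Mon Jan 6 2025])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/2, vlan 20.([00aa.bbcc.ddee/10.0.20.99/0000.0000.0000/10.0.20.1/09:16:40 UTC Mon Jan 6 2025])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 10.([0cde.adbe.ef01/10.0.10.50/0000.0000.0000/10.0.10.1/09:18:11 UTC Mon Jan 6 2025])
"""
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
DENY_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: .*? on (\S+), vlan (\d+)\.\(\[([0-9A-Fa-f.]+)/([\d.]+)/")

def norm_mac(mac):
    """Reduce aa:bb:cc:dd:ee:ff or aabb.ccdd.eeff to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_bindings(text):
    """Map (mac, vlan) -> ip from 'show ip dhcp snooping binding' style text."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and MAC_RE.fullmatch(f[0]):  # skips header and rule lines
            table[(norm_mac(f[0]), int(f[4]))] = f[1]
    return table

def triage(logs, table):
    """Explain each denied ARP by comparing its sender MAC/IP/VLAN to the bindings."""
    results = []
    for port, vlan, mac, ip in DENY_RE.findall(logs):
        mac, vlan = norm_mac(mac), int(vlan)
        bound_ip = table.get((mac, vlan))
        other_vlans = sorted(v for (m, v) in table if m == mac and v != vlan)
        if bound_ip == ip:
            verdict = "binding-matches: compare the bound interface with the port"
        elif bound_ip is not None:
            verdict = f"ip-mismatch: bound to {bound_ip}, ARP claims {ip}"
        elif other_vlans:
            verdict = f"no-binding-in-vlan: MAC only bound in VLAN {other_vlans}"
        else:
            verdict = "no-binding: MAC absent from the table"
        results.append((mac, vlan, port, verdict))
    return results
```

Calling `triage(LOGS, parse_bindings(BINDINGS))` returns one tuple per denied ARP with the normalised MAC, the VLAN, the port and the reason no usable binding was found.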
