DHCP snooping

Unanswered Question
Oct 10th, 2007
User Badges:

Trying to run DHCP snooping on a 2960. Using DOT1X to assign PC's into VLAN's for healthy, quarantine, guest etc but only VLAN 1 has an interface and IP address assigned.

When trying to use the "ip dhcp snooping vlan XXX" command the VLANs are shown in the config but doing a show ip dhcp snooping only ever shows VLAN 1.

Anyone aware of a way to resolve this apart from adding VLAN interfaces and possibly ip addresses to them?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

There's Dynamic VLAN membership DVMP.


But remember, DVMP is used to ensure specific Layer 2 addresses are assigned to specific VLANS. And the VLANS have to exist. (Vlan 1 always exists).

If you are using multiple VLANS you might want to make 1 upsteam Layer 2 device a VTP domain server, there you would create all the vlan interfaces with you need, and use VTP clients to shake the vlans down to down-stream switches.

So to answer your question, yes a VLAN is a Layer 2 broadcast domain and must exist somewhere if it is to be used, you don't have to give it an IP address but I really can't imagine many reason I would keep things strictly at layer 2. That of course depends on your IP addressing schema and physical architecture.



This Discussion