dhcp snooping

Unanswered Question
Jun 4th, 2008

there is no vlans, no radius server yet.

dhcp snooping should be done in a network that contains

2960s and a 4506.

What should be itenarary and

the commands should be inserted the switches

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ryan Carretta Wed, 06/04/2008 - 23:24

There are several configuration action items:

* Enable DHCP snooping globally

Switch>enable

Switch#config t

Switch(config)#ip dhcp snooping

* Enable DHCP snooping on the desired VLAN(s)

Switch(config)#ip dhcp snooping vlan

* Configure injection of option-82

Switch(config)#ip dhcp snooping information option

* Configure where you want to store the database bindings

Switch(config)#ip dhcp snooping database :

* If an aggregation switch, configure allowing receipt of DHCP packets from untrusted interfaces when option-82 is present

Switch(config)ip dhcp snooping information option allow-untrusted

* Optionally configure mac-address verification. This will verify that the layer-2 header source mac of a received DHCP packet matches the client address in the dhcp header.

Switch(config)#ip dhcp snooping verify mac-address

* Configure the upstream (direction of DHCP server) interface as a trusted port

Switch(config)#int gig0/1

Switch(config-if)#ip dhcp snooping trust

* Optionally configure the number of packets per second an interface should be able to inspect. Configuration of this can protect the control plane of the CPU from a denial of service attack initiated by faulty DHCP client/server software or by a malicious user. We recommend not allowing more than 100 packets/sec from untrusted interfaces.

Switch(config-if)#ip dhcp snooping limit rate

For the database binding agent, refer to these links:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swdhcp82.html#wp1282423

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swdhcp82.html#wp1282651

Actions

This Discussion