Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
320
Views
7
Helpful
4
Replies

dchp snooping

carl_townshend
Spotlight
Spotlight

‎01-19-2009 02:18 AM - edited ‎03-06-2019 03:30 AM

Hi all, after a rogue adsl router nearly bought my clients to a halt over the weekend. I am going to look into implenting dhcp snooping.

Firstly, Can anyone tell me where we do this, do we do it on all switches, or do layer 3 switches only support this ? also how does it work in a simple way, i believe you simply set the port for dhcp to trusted and the others to non trusted, is this right ?, and can it cause any issues ?

cheers

Carl

Labels:
0 Helpful
4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

‎01-19-2009 06:36 AM

Carl,

You would add dhcp snooping on all of the switches that interconnect. When you enable dhcp snooping globally, I believe (others can correct me) ALL ports are untrusted, and you have to enable the trusted port (the port that you KNOW a valid DHCP server is on) manually. You can run DHCP snooping on 2950 (L2) switches, but I can't speak for, say the Cisco Express 500 series.

Here's a link for more reading:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/swdhcp82.html

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

carl_townshend
Spotlight
Spotlight
In response to John Blakley

‎01-19-2009 08:34 AM

I have been reading some docs, it says I should have my uplink ports to other swithes as trusted, does this sound about right ?

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to carl_townshend

‎01-19-2009 09:21 AM

Yes. If you have switches connected to multiple switches, then the connected trunk ports should be trusted. If you have an untrusted trunk port and it sees a dhcp packet come across it, it will shut the port down in an err-disabled state (I believe).

HTH,

John

HTH, John *** Please rate all useful posts ***

griffijo
Level 1
Level 1

‎01-20-2009 06:50 AM

I just wanted to add one comment, because it is a mistake I have made in the past. If you have Etherchannel trunks between your switches, you have to trust both your phycical ports that belong to the channel-group and the logical interface, i.e. "interface Port-channel1".

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card