DHCP Snooping Questions

Unanswered Question
Sep 8th, 2009

From what I've read, DHCP snooping can help prevent unauthorized DHCP servers from causing disruptions on the network. I don't see how that is from the configurations I've read.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf


I want to implement something on my private network that is comprised of over 100 VLANs. I can't see how the commands detailed on that page can stop an unauthorized DHCP server from responding to DHCP requests. Am I missing something?

Edison Ortiz Tue, 09/08/2009 - 17:37

When you enable DHCP Snooping, all switchports will automatically become untrusted, thus you will manually need to identify the switchport where real DHCP is connected to - and dhcp trust that port.


You will need to dhcp trust inter-switch links as well.


If you don't dhcp trust a switchport, no DHCP server information will be relayed into your switched network.


__


Edison.
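
Added example, not part of Edison's post or of Cisco's documentation: a simplified Python model of the forwarding decision described above, showing why a rogue server on an access port is silenced and why an untrusted inter-switch link also blocks the real server. The port names, VLAN 10 and the frames are constructed, and the model covers only the message-type check on untrusted ports, not the other checks DHCP snooping performs.

```python
# Simplified model of the DHCP snooping forwarding decision (added example).
# Port names, VLAN numbers and frames below are constructed for illustration.
from dataclasses import dataclass, field

# DHCP message types that only a server sends (RFC 2131, option 53).
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class Switch:
    snooping_vlans: set = field(default_factory=set)  # cf. "ip dhcp snooping vlan"
    trusted_ports: set = field(default_factory=set)   # cf. "ip dhcp snooping trust"

    def permits(self, ingress_port: str, vlan: int, msg_type: str) -> bool:
        """Return True if a DHCP frame received on ingress_port is forwarded."""
        if vlan not in self.snooping_vlans:
            return True   # snooping not enabled for this VLAN: everything passes
        if ingress_port in self.trusted_ports:
            return True   # trusted port: server replies are allowed in
        # Untrusted port: client messages pass, server messages are dropped.
        return msg_type not in SERVER_MESSAGES


def run_scenario(switch: Switch) -> dict:
    """Constructed traffic in VLAN 10: a client, a rogue home router on an
    access port, and the real server reached through an inter-switch uplink."""
    frames = {
        "client_discover": ("Gi1/0/5", 10, "DHCPDISCOVER"),
        "rogue_offer": ("Gi1/0/7", 10, "DHCPOFFER"),
        "real_offer": ("Gi1/0/48", 10, "DHCPOFFER"),
    }
    return {name: switch.permits(*frame) for name, frame in frames.items()}


if __name__ == "__main__":
    cases = [
        ("snooping off", Switch()),
        ("snooping on, uplink trusted", Switch({10}, {"Gi1/0/48"})),
        ("snooping on, no trusted port", Switch({10}, set())),
    ]
    for label, switch in cases:
        print(f"{label}: {run_scenario(switch)}")
```

In the third case the client's DISCOVER still leaves the switch, but every OFFER is dropped on the way back, which is the outage Edison warns about when the server port or an inter-switch link is left untrusted.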

rshum Tue, 09/08/2009 - 17:53

Thanks Edison, I was afraid of that. I have had issues with users who come in with a DHCP server like a small home router and plug into their network jacks. I can't put in .1X authentication yet so I couldn't go in that direction.
