Unanswered Question
Sep 12th, 2009

Dear all

I want to know: what if the DHCP server resides on the Cisco router or Cisco switch itself?

Then what issues must be considered for DHCP SNOOPING or IP SOURCE GUARD?

Giuseppe Larosa Sun, 09/13/2009 - 02:52

Hello Hani,

If the switch is acting as a DHCP server with DHCP address pools defined on it, you can still deploy DHCP snooping and IP source guard.

When the DHCP server is external and the switch acts as a DHCP relay, to implement DHCP snooping and IP source guard you need to configure the uplinks as trusted ports, otherwise clients cannot get IP addresses via the external DHCP (the security features will not accept multiple DHCP messages on the same untrusted port, hence the need to trust the uplink ports or the port where the DHCP server is connected).

With an internal server this problem should be overcome; however, uplinks need to be excluded from IP source guard checks because potentially the source IP address of received packets is any possible value.

Hope to help
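
The trust and exclusion points in the reply above can be seen in a small model. This is an added example, not part of the original reply and not Cisco code: a simplified Python model of a snooping switch in which DHCP server messages arriving on an untrusted port are dropped, bindings are learned from ACKs, and IP source guard filters only the ports it is enabled on. The class and function names, port names, MAC and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass
class SnoopingSwitch:
    trusted: set                                   # ports set as DHCP snooping trusted
    ipsg_ports: set                                # ports with IP source guard enabled
    pending: dict = field(default_factory=dict)    # client MAC -> ingress port
    bindings: set = field(default_factory=set)     # (port, ip) learned from ACKs

    def dhcp_in(self, port, msg, mac, ip=None):
        """Process a DHCP message received on `port`; True if it is forwarded."""
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                return False                       # server reply on untrusted port: drop
            if msg == "ACK" and mac in self.pending:
                self.bindings.add((self.pending[mac], ip))
            return True
        self.pending[mac] = port                   # DISCOVER/REQUEST from a client
        return True

    def data_in(self, port, src_ip):
        """Process a data packet; source guard only filters ports it is enabled on."""
        return port not in self.ipsg_ports or (port, src_ip) in self.bindings

def lease_via_uplink(uplink_trusted):
    """Constructed scenario: client on Gi0/1, external DHCP server behind Gi0/24."""
    sw = SnoopingSwitch(trusted={"Gi0/24"} if uplink_trusted else set(),
                        ipsg_ports={"Gi0/1"})
    mac = "00:11:22:33:44:55"
    sw.dhcp_in("Gi0/1", "DISCOVER", mac)
    offer = sw.dhcp_in("Gi0/24", "OFFER", mac, "192.0.2.10")
    sw.dhcp_in("Gi0/1", "REQUEST", mac)
    sw.dhcp_in("Gi0/24", "ACK", mac, "192.0.2.10")
    return {
        "offer_forwarded": offer,
        "leased_ip_allowed": sw.data_in("Gi0/1", "192.0.2.10"),
        "spoofed_ip_allowed": sw.data_in("Gi0/1", "192.0.2.99"),
        "uplink_any_source_allowed": sw.data_in("Gi0/24", "198.51.100.7"),
    }

if __name__ == "__main__":
    for trusted in (False, True):
        print("uplink trusted:", trusted, lease_via_uplink(trusted))
```

With the uplink untrusted no binding is ever created, so source guard on the access port rejects even the address the server tried to lease.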


