DHCP SNOOPING

hani-molani
Level 1

Dear all

I want to know: what if DHCP resides on a Cisco router or on the Cisco switch itself?

Then what issues must be considered for DHCP snooping or IP Source Guard?

1 Reply

Giuseppe Larosa
Hall of Fame

Hello Hani,

If the switch is acting as DHCP server, with DHCP address pools defined on it, you can still deploy DHCP snooping and IP source guard.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swdhcp82.html#wp1294275

When the DHCP server is external and the switch acts as a DHCP relay, to implement DHCP snooping and IP source guard you need to configure the uplinks as trusted ports, otherwise clients cannot get IP addresses via the external DHCP (the security features will not accept multiple DHCP messages on the same untrusted port, hence the need to trust uplink ports or the port where the DHCP server is connected).

With an internal server this problem should be overcome; however, uplinks need to be excluded from IP source guard checks because potentially the source IP address of received packets is any possible value.

Hope to help

Giuseppe
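
The two points in the reply above, turned into a configuration check. This is an added example, not part of the original thread or of Cisco's documentation. The interface names, VLAN number, function names and the rule "an `ip dhcp pool` line means the server is local" are assumptions made for illustration, and the running-config excerpt is constructed.

```python
import re

# Constructed running-config excerpt (not from the thread): external DHCP
# server behind Gi1/0/24, one client port. The uplink is wrongly under IPSG.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 ip verify source
!
interface GigabitEthernet1/0/24
 description uplink towards external DHCP server
 ip dhcp snooping trust
 ip verify source
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Return findings for the trusted-uplink and IPSG-on-uplink points."""
    lines = [l.strip() for l in config.splitlines()]
    if "ip dhcp snooping" not in lines:
        return ["DHCP snooping is not enabled globally"]
    interfaces = parse_interfaces(config)
    trusted = [n for n, c in interfaces.items() if "ip dhcp snooping trust" in c]
    local_pool = any(l.startswith("ip dhcp pool ") for l in lines)
    findings = []
    if not trusted and not local_pool:
        findings.append("no trusted port and no local pool: server replies will be dropped")
    for name in trusted:
        if any(c.startswith("ip verify source") for c in interfaces[name]):
            findings.append(f"{name}: trusted port also has IP source guard")
    return findings
```
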