cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2636
Views
5
Helpful
3
Replies

DHCP snooping vs routed port

ROBERTO TACCON
Level 4
Level 4

Hi to All,

I have multiple VLANs configured on a L2/L3 switch (cisco 3750) and one DHCP server configured on wan [using ip helper-address on the switch I forward the DHCP request on a L3 interface (the port vs the DHCP server is a routed port)].

If I enable dhcp snooping on the switch I need also to configure the TRUSTED PORT (the port vs the DHCP server) but I cannot configure it as it's a L3 routed port vs the wan router.

How it's possible to enable DHCP snooping on the switch and use the DHCP server on the "wan" ?

Regards

1 Accepted Solution

Accepted Solutions

Hello Roberto,

I was thinking of:

ip dhcp snooping

! enables for all vlans

no ip dhcp snooping vlan 3

! disabling DHCP snooping for core facing

! vlan

but your configuration should be fine, only doubt is that a general

ip dhcp snooping

may be needed

Hope to help

Giuseppe

View solution in original post

3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Roberto,

a routed port is not part of any Vlan so DHCP snooping is not running on it.

if you use an SVI + a physical port as your core facing link you can still disable ip igmp snooping on the associated L2 vlan.

Hope to help

Giuseppe

Hi Giuseppe,

thanks for the info.

Please can you check the conf. and tell me if will be correct ?:

THE CURRENT SWITCH CONFIGURATION

!

!

interface GigabitEthernet1/0/1

description ** DHCP pc 192.168.2.0/24 **

switchport access vlan 2

switchport mode access

load-interval 30

!

interface GigabitEthernet1/0/2

description ** DHCP pc 192.168.2.0/24 **

switchport access vlan 2

switchport mode access

load-interval 30

!

interface GigabitEthernet1/0/3

description ** DHCP pc 192.168.2.0/24 **

switchport access vlan 2

switchport mode access

load-interval 30

!

interface GigabitEthernet1/0/24

description ** TO WAN ROUTER **

no switchport

ip address 192.168.254.254 255.255.255.252

!

interface Vlan2

description ** LAN **

ip address 192.168.2.254 255.255.255.0

ip helper-address 192.168.1.254

!

ip forward-protocol udp bootpc

!

ip route 192.168.1.0 255.255.255.0 192.168.254.253

!

THE NEW SWITCH CONFIGURATION

!

ip dhcp snooping Vlan 2

!

interface Vlan3

description ** LAN TO WAN ROUTER **

ip address 192.168.254.254 255.255.255.0

!

interface GigabitEthernet1/0/24

description ** TO WAN ROUTER **

switchport

switchport access Vlan 3

ip dhcp snooping trust

!

Regards

Roberto Taccon

Hello Roberto,

I was thinking of:

ip dhcp snooping

! enables for all vlans

no ip dhcp snooping vlan 3

! disabling DHCP snooping for core facing

! vlan

but your configuration should be fine, only doubt is that a general

ip dhcp snooping

may be needed

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: