snooping


Hi! I'm trying to configure DHCP snooping on our edge switches.

In my core switch, I've issued the global command "ip dhcp snooping". In the edge switch, I've issued two global commands, "ip dhcp snooping vlan 2-4069" and "ip dhcp snooping". On the edge switch's uplink to the core, I've configured the port-channel with "ip dhcp snooping trust".


The snooping did work. The clients connected to those subnets are not grabbing IPs from the rogue DHCP server that I set up, but when I remove the "ip dhcp snooping trust" command from my edge switch uplink, I'm not able to grab IPs from the rogue DHCP server either. I think this will create confusion when troubleshooting in the future.


Is that the behaviour of DHCP snooping? Or is there any compulsory command that I missed that causes this?


Thanks.

Giuseppe Larosa Wed, 01/27/2010 - 05:56

Hello Dkblee,


You need to trust interfaces where the server is connected or that are on the path to the legitimate server.


That is, the feature does not allow multiple DHCP messages of the same type on a port unless the port is trusted.


Hope to help

Giuseppe

Hi! Which means I need to configure the two global snooping commands I mentioned, plus the snooping trust command from the edge switch uplink to my core uplink, then the DHCP Ethernet port itself? Will this impact those old switches that are connected to the same core switch but do not or cannot have the snooping command?


Actually, just for understanding, why are my clients not getting IPs from the rogue server if I remove the snooping trust command from my edge switch uplink interface? (The core switch only has the global snooping command.) I thought once I removed the trust command from the edge switch uplink, the clients should be getting IPs from the rogue DHCP server, right? Thanks.
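
The following is an added example, not part of any post in this thread and not vendor code: a simplified Python model of the DHCP snooping ingress check, showing why removing the trust from the uplink blocks the legitimate server without letting the rogue one through. The port names (`Po1`, `Gi0/5`, `Gi0/10`), the sender labels, and the rogue server sitting on an access port of the edge switch are assumptions; binding-table and rate-limit checks are not modelled.

```python
# Simplified model of the DHCP snooping ingress check on one edge switch.
# Port names, sender labels and the rogue server's location are assumptions.
from dataclasses import dataclass

# Message types that only a DHCP server sends; snooping drops these
# when they arrive on an untrusted port.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass(frozen=True)
class Frame:
    ingress_port: str   # port on which the edge switch received the frame
    msg_type: str       # DHCP message type
    sender: str         # constructed label, only for readable output


def snooping_permits(frame, trusted_ports):
    """Return True if the ingress check lets the frame through."""
    if frame.msg_type in SERVER_MESSAGES:
        return frame.ingress_port in trusted_ports
    return True  # in this model, client messages pass on any port


def offers_reaching_client(frames, trusted_ports):
    """Senders whose DHCPOFFER survives the check and can reach a client."""
    return [f.sender for f in frames
            if f.msg_type == "DHCPOFFER" and snooping_permits(f, trusted_ports)]


# Constructed sample traffic seen by the edge switch:
SAMPLE = [
    Frame("Gi0/5", "DHCPDISCOVER", "client"),
    Frame("Po1", "DHCPOFFER", "legitimate-server"),  # arrives via uplink to core
    Frame("Gi0/10", "DHCPOFFER", "rogue-server"),    # assumed access port
]

if __name__ == "__main__":
    for label, trusted in [("uplink trusted", {"Po1"}),
                           ("no trusted ports", set())]:
        delivered = offers_reaching_client(SAMPLE, trusted)
        print(f"{label}: offers delivered = {delivered}")
```

With no trusted ports, every port is untrusted, so server replies from both the uplink and the rogue's access port are dropped and the client receives no offer at all.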
