Cisco Support Community
Dynamic Host Configuration Protocol (DHCP) is a service that runs at the application layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack to dynamically assign IP addresses to DHCP clients, and to allocate TCP/IP configuration information to DHCP clients. DHCP snooping is a security feature which acts as a firewall between untrusted hosts and trusted DHCP servers.
Snooping prevents false DHCP responses and monitor clients. They can prevent man-in-the-middle attacks and authenticate host devices. The DHCP snooping binding database is also used by IP source guard and Address Resolution Protocol (ARP) inspection. In Layer 3 switches, DHCP relay and snooping can be enabled on any interface with an IP address and on Virtual Local Area Networks (VLANs) with or without an IP address.
This article provides instructions on how to configure DHCP Properties on a switch which also facilitates the configuration of the DHCP Snooping and DHCP Relay.
- Sx350 Series
- SG350X Series
- Sx550X Series
Configure DHCP Snooping and Relay Settings on a Switch
Enable DHCP Snooping and Relay Settings
Step 1. Log in to the web-based utility of your switch then choose Advanced in the Display Mode drop-down list.
Step 2. Choose IP Configuration > IPv4 Management and Interfaces > DHCP Snooping/Relay > Properties.
Note: Menu options may vary depending on the device model. In this example, SG350X-48MP is used.
Step 3. (Optional) Check Enable Option 82 check box to insert Option 82 information into packets. This feature is disabled by default.
Note: DHCP messages are broadcast messages which cannot cross from one network to another. DHCP relay forwards the broadcast messages to a different network. It also adds option 82 to provide additional information on the client to the routing network. Option 82 is not needed when DHCP relay is enabled. However, if you use an external agent to do DHCP relay, option 82 needs to be enabled (Transparent DHCP relay). Option 82 helps the router to choose the client from the network pool.
Step 4. (Optional) Check the Enable DHCP Relay check box to enable DHCP relay feature. This feature is disabled by default.
Step 5. In the DHCP Snooping area, check the Enable DHCP Snooping Status check box to enable DHCP Snooping. This feature is disabled by default.
Step 6. (Optional) Check the Enable Option 82 Pass Through check box to enable packets from an untrusted source which have option 82 information. The packets from trusted interfaces are always forwarded. This option can only be configured if DHCP Snooping is enabled.
Step 7. (Optional) Make sure the Enable Verify MAC Address check box is enabled to force the device to verify whether the source Media Access Control (MAC) address of the Layer 2 header matches the client hardware address or not. This option is enabled by default.
Step 8. (Optional) Check the Enable Backup Database check box to back up the DHCP Snooping Binding database on the flash memory of the device. This option can only be configured if DHCP Snooping is enabled.
Step 9. Click Apply to apply the settings to the running configuration file.
Step 10. (Optional) Click Save to save settings to the startup configuration file.
You should now have enabled the DHCP Snooping and Relay settings on the switch.
Add a DHCP Server to the DHCP Relay Table
The DHCP server assigns and maintains an IP addresses database. Typically, the DHCP server is a router.
Step 1. In the DHCP Relay Server Table, click Add to define a DHCP server.
Step 2. The IP version is displayed in the IP Version area automatically. Enter the IP address of the DHCP server in the DHCP Server IP Address field.
Note: In this example, 192.168.1.1 is used.
Step 3. Click Apply then click Close. The settings are written to the running configuration file.
Step 4. (Optional) Click Save to save settings to the startup configuration file.
You should now have successfully added a DHCP Server to the DHCP Relay Server Table.
Delete a DHCP Server from the DHCP Relay Table
Step 1. In the DHCP Relay Server Table, check the box next to the DHCP server IP address you would like to delete.
Step 2. Click the Delete button to delete the server.
Step 3. (Optional) Click Save to save settings to the startup configuration file.
The DHCP server should now have been deleted from your switch.
You should now have configured the DHCP Snooping and Relay settings on your switch.