Configure Dynamic Host Configuration Protocol (DHCP) Snooping and Relay Settings on your Switch

Fri, 03/10/2017 - 11:00
Cisco Support Community

Article ID: 5406

Objective

Dynamic Host Configuration Protocol (DHCP) is a service that runs at the application layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack to dynamically assign IP addresses to DHCP clients, and to allocate TCP/IP configuration information to DHCP clients. DHCP snooping is a security feature which acts as a firewall between untrusted hosts and trusted DHCP servers.

DHCP snooping prevents false DHCP responses and monitors clients. It can prevent man-in-the-middle attacks and authenticate host devices. The DHCP snooping binding database is also used by IP source guard and Address Resolution Protocol (ARP) inspection. In Layer 3 switches, DHCP relay and snooping can be enabled on any interface with an IP address and on Virtual Local Area Networks (VLANs) with or without an IP address.

This article provides instructions on how to configure the DHCP properties of a switch, which is also where DHCP Snooping and DHCP Relay are configured.

Applicable Devices

  • Sx350 Series
  • SG350X Series
  • Sx550X Series

Software Version

  • 2.2.5.68

Configure DHCP Snooping and Relay Settings on a Switch

Enable DHCP Snooping and Relay Settings

Step 1. Log in to the web-based utility of your switch then choose Advanced in the Display Mode drop-down list.

Step 2. Choose IP Configuration > IPv4 Management and Interfaces > DHCP Snooping/Relay > Properties.

Note: Menu options may vary depending on the device model. In this example, SG350X-48MP is used.

Step 3. (Optional) Check the Enable Option 82 check box to insert Option 82 information into packets. This feature is disabled by default.

Note: DHCP messages are broadcast messages, which cannot cross from one network to another. DHCP relay forwards the broadcast messages to a different network. It also adds Option 82 to provide additional information on the client to the routing network. Option 82 is not needed when DHCP relay is enabled. However, if you use an external agent to do DHCP relay, Option 82 needs to be enabled (Transparent DHCP relay). Option 82 helps the router to choose the client from the network pool.

Step 4. (Optional) Check the Enable DHCP Relay check box to enable DHCP relay feature. This feature is disabled by default.

Step 5. In the DHCP Snooping area, check the Enable DHCP Snooping Status check box to enable DHCP Snooping. This feature is disabled by default.

Step 6. (Optional) Check the Enable Option 82 Pass Through check box to let through packets from an untrusted source that carry Option 82 information. The packets from trusted interfaces are always forwarded. This option can only be configured if DHCP Snooping is enabled.

Step 7. (Optional) Make sure the Enable Verify MAC Address check box is checked to force the device to verify whether the source Media Access Control (MAC) address of the Layer 2 header matches the client hardware address. This option is enabled by default.

Step 8. (Optional) Check the Enable Backup Database check box to back up the DHCP Snooping Binding database on the flash memory of the device. This option can only be configured if DHCP Snooping is enabled.

Step 9. Click Apply to apply the settings to the running configuration file.

Step 10. (Optional) Click Save to save settings to the startup configuration file.

You should now have enabled the DHCP Snooping and Relay settings on the switch.
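
The per-packet checks that Steps 5 to 7 switch on, as an added Python sketch that is not Cisco's code: it parses a DHCP frame and applies the trusted-port, Verify MAC Address and Option 82 Pass Through decisions. The function names, the constructed sample frames and the assumption that Option 82 from an untrusted port is dropped when pass-through is off belong to this simplified model.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def build_frame(eth_src, chaddr, op=1, options=b""):
    """Constructed sample input: Ethernet + IPv4 + UDP + BOOTP/DHCP message."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0,
                        0x8000, b"", b"", b"", b"", chaddr, b"", b"")
    payload = bootp + MAGIC + options + b"\xff"
    ports = (68, 67) if op == 1 else (67, 68)
    udp = struct.pack("!HHHH", *ports, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp

def parse_dhcp(frame):
    """Return (eth_src, op, chaddr, options) or None if not DHCP over IPv4/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4
    bootp = udp + 8
    if len(frame) < bootp + 240 or frame[bootp + 236:bootp + 240] != MAGIC:
        return None
    if set(struct.unpack("!HH", frame[udp:udp + 4])) - {67, 68}:
        return None
    hlen = min(frame[bootp + 2], 16)
    opts, i = {}, bootp + 240
    while i + 1 < len(frame) and frame[i] != 255:   # 255 = end option
        if frame[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        opts[frame[i]] = frame[i + 2:i + 2 + frame[i + 1]]
        i += 2 + frame[i + 1]
    return frame[6:12], frame[bootp], frame[bootp + 28:bootp + 28 + hlen], opts

def snoop_verdict(frame, trusted, verify_mac=True, opt82_pass_through=False):
    """Simplified model (an assumption, not switch firmware) of the checks above."""
    parsed = parse_dhcp(frame)
    if parsed is None:
        return "not-dhcp"
    eth_src, op, chaddr, opts = parsed
    if trusted:
        return "forward"                      # trusted interfaces always forward
    if op == 2:
        return "drop: server reply on untrusted port"
    if verify_mac and eth_src != chaddr:
        return "drop: L2 source MAC != chaddr"
    if 82 in opts and not opt82_pass_through:
        return "drop: option 82 from untrusted port"
    return "forward"
```

Calling `snoop_verdict(build_frame(mac_a, mac_b), trusted=False)` with two different MAC addresses shows the Step 7 check rejecting a frame whose Layer 2 source does not match the client hardware address.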

Add a DHCP Server to the DHCP Relay Table

The DHCP server assigns IP addresses and maintains an IP address database. Typically, the DHCP server is a router.

Step 1. In the DHCP Relay Server Table, click Add to define a DHCP server.

Step 2. The IP version is displayed in the IP Version area automatically. Enter the IP address of the DHCP server in the DHCP Server IP Address field.

Note: In this example, 192.168.1.1 is used.

Step 3. Click Apply then click Close. The settings are written to the running configuration file.

Step 4. (Optional) Click Save to save settings to the startup configuration file.

You should now have successfully added a DHCP Server to the DHCP Relay Server Table.

Delete a DHCP Server from the DHCP Relay Table

Step 1. In the DHCP Relay Server Table, check the box next to the DHCP server IP address you would like to delete.

Step 2. Click the Delete button to delete the server.

Step 3. (Optional) Click Save to save settings to the startup configuration file.

The DHCP server should now have been deleted from your switch.

You should now have configured the DHCP Snooping and Relay settings on your switch.
