Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

DHCP Snooping and moving between VLANs

Hi,

We have recently configured DHCP snooping and DAI. Seems to work okay however if I try to move to another VLAN and lease an IP address it fails with a %SW_DAI-4-DHCP_SNOOPING_DENY.

I am new to DHCP snooping however my understanding is that by moving to another VLAN (same switch), the switch would see the new DHCP lease and update the binding accordingly.

Not sure if it is my understanding of DHCP Snooping that is incorrect or whether there is a misconfiguration somewhere. Thanks in advance for any suggestions.

1 REPLY
Community Member

Re: DHCP Snooping and moving between VLANs

DHCP-Snooping is a security feature in Catalyst Switches. It filters untrusted dhcp-messages and protects clients from peering up with an unauthorized DHCP server.

Config example:

Turn on snooping (global command)

Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan [name]

Port-Configuration of DHCP server

Switch(config)# interface GigabitEthernet x/x

Switch(config-if)# ip dhcp snooping trust

Switch(config-if)# ip dhcp snooping limit rate 100

144
Views
0
Helpful
1
Replies
CreatePlease to create content