Re: DHCP snooping config

roquette · ‎11-28-2006

I having some difficulties configuring DHCP snooping. My network consist of 2950C-24's connected to 3550-24-FX's via fiber and the 3550-24-FX's connected to a 3750-48TS via fiber GBIC card. My DHCP server is located on the 3750 and all my workstations are on the 2950's. I can get DHCP snooping to work correctly when I directly connect the 2950 to the 3750 via trunk ethernet connection but when i try to use the 3550 is when I run into troubles. any help with this would be greatly appreciated.

Edison Ortiz · ‎11-28-2006

Laurent,

I hope this URL can help

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf1c.html

roquette · ‎11-30-2006

I took at the document and it seems I have it set up right. I have will paste in a brief config of what i have right now:

*******3750

ip dhcp snooping

ip dhcp snooping vlan 4,240,252

no ip dhcp snooping information option

!

! Connection to 3550

interface GigabitEthernet1/0/2

switchport trunk encapsulation dot1q

switchport mode dynamic desirable

!

! Connection to DHCP SERVER

interface FastEthernet1/0/37

switchport access vlan 240

switchport mode access

duplex full

speed 100

no cdp enable

spanning-tree portfast

ip dhcp snoop trust

********3550

ip dhcp snooping

ip dhcp snooping vlan 4

ip dhcp snooping vlan 240

ip dhcp snooping vlan 252

no ip dhcp snooping information option

!

! Connection to 2950

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode dynamic desirable

duplex full

ip dhcp snooping trust

!

! Connection to 3750

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode dynamic auto

ip dhcp snooping trust

********2950

ip dhcp snooping

ip dhcp snooping vlan 4

ip dhcp snooping vlan 240

ip dhcp snooping vlan 252

no ip dhcp snooping information option

!

! Connection to 3550

interface FastEthernet0/25

switchport mode trunk

udld port

ip dhcp snooping trust

ovt · ‎11-30-2006

This is probably due to wrong trust states configured on the 3550. Should be:

PC -> untrusted 2950 trusted -> untrusted 3550 trusted -> untrusted 3750 trusted -> DHCP server.

The switch does not build DHCP snooping table on the trusted port. This is not what you want, right?

roquette · ‎12-05-2006

Sorry I was out of the office for a few days!!

I need a binding table on the 2950 and 3750. The only things connected in my network on the 3550's are the 2950's.

So I tried the config you suggested and still can not get my reservation from the DHCP server. What other commands do I need to include to make this work??

Thanks!!

amikat · ‎12-05-2006

Hi,

Please make sure you have "ip helper-address" commands under inerfaces vlan240 & vlan252 within cat3750 to point to your DHCP server. Also please make sure your trunks are set up correctly (e.g. to autonegotiate trunking, the the interfaces must be in the same VTP domain) - I would suggest to put interfaces in trunk mode to trunk unconditionally at least for the testing purposes. As you are not using option 82 (interface tracker) your configuration should work both as configured originally and as suggested by one of the posts above.

Best regards,

Antonin