I would like to implement the DHCP snooping function between a cat4510 (named switch A) with one DHCP server connected to it (vlan_dhcp_server), and an access switch (named switch E, DHCP client on vlan_dhcp_client) also connected through several switches (named switch B, switch C, switch D) to switch E.
The DHCP client and the DHCP server are not on the same VLANs (there is a router).
On switch A:
- the interface to the DHCP server is in trusted mode
- the interface to the router is in trusted mode
- DHCP snooping is activated on VLAN vlan_dhcp_client even if there is no client directly connected
On switch E: no DHCP snooping definition.
On switches B, C and D: no DHCP definition.
On the router (a cat4500 switch also acting as a router): the interface to switch A is in trust mode, but DHCP snooping isn't running/activated.
Questions:
1) Do I also have to implement DHCP snooping on all switches between switch A and switch E (B, C, and D)? (with a trusted interface to switch A, activation on vlan_dhcp_client)
2) On the router, do I also have to enable DHCP snooping globally (even if there is no client from any VLAN directly connected to the router; it is a cat4500 box)?
ip dhcp snooping
Still on the switch-router box, do I have to implement DHCP snooping on vlan_dhcp_client even if there is no client directly connected to this box?
ip dhcp snooping vlan <vlan_dhcp_client>
The DHCP snooping feature can't be considered a domain-wide implementation like VTP. As you might be aware, the DHCP snooping binding database is stored locally on the switch, so I'm sure that you need not enable DHCP snooping all the way through.
What you can do is enable DHCP snooping for the VLAN on the switch where the client is connected, and make that port untrusted and the uplink from the upstream switch trusted. Then check for the DHCP snooping binding or database on the local switch, which makes sense to me.
What I believe is that such features cannot be deployed in a campus in one go, looking at the size... so it's practical to say you can deploy it on one switch, and the server may reside on another network separated by several devices, switches or routers.
Thank you for the answer. Yes, I think like you. I then went on testing: DHCP snooping is running OK on switch A, with no DHCP function on switches B, C, D and E. The last problem I met on switch A is in fact related to option 82.
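
The access-switch setup described in the reply above, written out as an added example that is not part of the original thread. VLAN 20, the interface names and the rate limit are assumptions chosen for illustration, and the option 82 line is shown commented out only as the setting to check.

```cisco
! Access switch where the DHCP client is connected.
! VLAN 20 stands in for vlan_dhcp_client (assumed value).
ip dhcp snooping
ip dhcp snooping vlan 20
!
! Uplink from the upstream switch: DHCP server replies arrive here,
! so this is the only port marked trusted. Interface name is assumed.
interface GigabitEthernet1/0/49
 description uplink to upstream switch
 ip dhcp snooping trust
!
! Client-facing port: untrusted is the default, so no trust command.
! Server-type messages (OFFER/ACK) received on this port are dropped.
interface GigabitEthernet1/0/1
 description DHCP client port
 switchport mode access
 switchport access vlan 20
 ! Optional: cap DHCP packets per second on the untrusted port (assumed value)
 ip dhcp snooping limit rate 15
!
! Option 82: with snooping enabled, the switch inserts option 82 into
! client requests by default. If an upstream relay or server rejects
! requests carrying option 82, either make the upstream device accept
! them or disable insertion on this switch:
! no ip dhcp snooping information option
!
! Verification, from exec mode:
! show ip dhcp snooping
! show ip dhcp snooping binding
```

The binding table is local to the switch that does the snooping, so `show ip dhcp snooping binding` only lists clients learned on that switch's untrusted ports.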