DHCP snooping on 3750 in ip routing mode and 2960 switches in simple LAN
On a LAN I have a CAT3750 in ip routing mode that connects to a 2821 router configured for OSPF routing to jump across a wireless link to another site. The 3750 has two vlans: 1 and 2. All ports on the 3750 are in trunking mode. Also, the 3750 is configured as a dhcp server on vlan 2. Connected to the 3750 are cat 2960TC's. All but one of the 2960s is configured as follows:
The gig ports of the 2960 are all in trunking mode, the fast ethernet ports are all in vlan 2. Cascaded to these 2960TC's using the gig ports are 1 or 2 2960TT's. (TC-gig fiber & gig ethernet, TT-gig ethernet only).
Everything was working fine until one day, I found out that clients in vlan 2 were getting dhcp info from outside the vlan 2 ip subnet. The dhcp scope for vlan 2 is 172.17.0.0/16. Somehow, the clients were getting dhcp info 192.168.10.0/24 from 192.168.10.1. I traced this beast across the wireless link to the other site. As indicated above, the other site is a trusted network connected via 2821 routers with OSPF configured. To stop the DHCP info from traveling over the wireless link, I put in an ACL on the corresponding 3750 dropping the 192.168.10.0 traffic. However, I also want to prevent rogue dhcp servers from answering dhcp requests on the local LAN.
Would this work?
On the 3750:
ip dhcp snooping
ip dhcp snooping vlan 2
no ip dhcp snooping information option
On the gig ports on the 2960TCs that connect to the 3750:
ip dhcp snooping trust
and on the fast ethernet ports of the 2960TCs:
no ip dhcp snooping trust.
On the gig0/2 of the 2960TC that cascades to the 2960, I don't configure any snooping option.
However, on the 2960TT all fast ethernet ports have the no ip dhcp snooping trust. But, the gig port that connects to the 2960TC would have the ip dhcp snooping trust configuration.
As well, do I have to configure the snooping binding database and ntp server or are they optional?
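An added example (not part of the original post, and not Cisco code): a small Python model of the trust check for the cascade described above, showing which DHCP server replies get through depending on whether snooping is active for vlan 2 on each 2960. The uplink port name Gi0/1 and the rogue's port Fa0/5 are assumptions; gig0/2 is the cascade port named in the post.

```python
# Added example: toy model of the DHCP snooping trust check, not Cisco code.
# Rule modelled: where snooping is active for the VLAN, DHCP server messages
# arriving on an untrusted port are dropped; ports are untrusted by default.
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

class Switch:
    def __init__(self, name, snooping_vlans=(), trusted_ports=()):
        self.name = name
        self.snooping_vlans = set(snooping_vlans)  # ip dhcp snooping vlan N
        self.trusted_ports = set(trusted_ports)    # ip dhcp snooping trust

    def accepts(self, msg, vlan, in_port):
        if msg not in SERVER_MSGS or vlan not in self.snooping_vlans:
            return True  # client message, or snooping not active here
        return in_port in self.trusted_ports

def delivered(path, msg="DHCPOFFER", vlan=2):
    """path is the list of (switch, ingress_port) hops the reply crosses."""
    return all(sw.accepts(msg, vlan, port) for sw, port in path)

def check(tc_snoop, tt_snoop):
    # Uplink names (Gi0/1) and the rogue's port (Fa0/5) are assumed.
    tc = Switch("2960TC", (2,) if tc_snoop else (), {"Gi0/1"})
    tt = Switch("2960TT", (2,) if tt_snoop else (), {"Gi0/1"})
    return {
        # Reply from the 3750: into the TC uplink, then into the TT uplink.
        "server_to_tt_client": delivered([(tc, "Gi0/1"), (tt, "Gi0/1")]),
        # Rogue on a TT access port answering a client on the same TT.
        "rogue_same_switch": delivered([(tt, "Fa0/5")]),
        # Rogue on the TT answering a TC client: crosses the TC's gig0/2,
        # the cascade port the post leaves at the default (untrusted).
        "rogue_via_cascade": delivered([(tt, "Fa0/5"), (tc, "Gi0/2")]),
    }

if __name__ == "__main__":
    for tc_snoop, tt_snoop in [(True, True), (True, False), (False, False)]:
        print(tc_snoop, tt_snoop, check(tc_snoop, tt_snoop))
```

In this model the trust settings only filter replies on a switch where snooping is active for vlan 2, so the middle case still lets a rogue answer clients on its own 2960TT.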
Re: DHCP snooping on 3750 in ip routing mode and 2960 switches i
Thank you, Nirav, for responding. I am curious about the "large number of hosts". The site that I am trying to configure is a hotel/work camp. Currently, there are about 2500 guests, but that will grow to around 4000 within the next year. At the most, I would think that 1/4 of guests would have laptops. So, let's say we have 1000 connections max. Would a 3750 be able to handle that number of DHCP leases?