Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP snooping on 6500 thats running dhcp pools

I want to enable DHCP snooping on the 6500 but I also don't want it to block the 6500 itself from being a DHCP server. Is there anything special I need to do? I plan to put in the rate limit on all interfaces with nothing Trusted since there are no physical DHCP servers connected to any interface.

5 REPLIES
New Member

Re: DHCP snooping on 6500 thats running dhcp pools

Are there any trunk links connecting to other switches (that are in the broadcast domain where snooping is enabled)? You will have to trust those links or you will run into problems. If the switch itself is the DHCP server for that vlan where snooping is enabled than you will be fine. Let me know if you need more information.

New Member

Re: DHCP snooping on 6500 thats running dhcp pools

Yes the uplinks to other access switches I plan on making them trust. I also have a couple of fastethernet blades on the 6500 that users connect to directly as well.

New Member

Re: DHCP snooping on 6500 thats running dhcp pools

If you trust the uplinks ports than you will be fine.

Bronze

Re: DHCP snooping on 6500 thats running dhcp pools

Just a point of clarification that I had a hard time understanding at first- you only have to trust L2 uplink ports- if you're using IP Helper commands, you do NOT have to trust uplinks!

I realize this gets more confusing in a 'blended' l2/l3 design. If you're running a traditional "route at the distribution, switch to the access" method, then you need to trust on the uplinks between the distribution and access.

If you've got L3 pushed towards the edge, and the DHCP server exists someplace 'off net', and all hops are purely L3- you don't need to trust any ports.

Similarly, if the DHCP server is the LOCAL switch,you don't need to enable any trust.

If the DHCP server is the DISTRIBUTION switch, and you've got L2 uplinks to the access, you'll need to trust the UPLINK ports, but no special configuration would otherwise be required on the distribution switch.

New Member

Re: DHCP snooping on 6500 thats running dhcp pools

You are correct....

134
Views
0
Helpful
5
Replies
CreatePlease to create content