Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP snooping without vlan association

Hello,

Check a DHCP snooping on a switch, i found the following configuration:

sh run | inc dhcp
no ip dhcp snooping information option
ip dhcp snooping
ip dhcp snooping trust

..........

the following link

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/53SG/configuration/dhcp.html#wp1073354

is usefull, but in the section:

"When you enable DHCP snooping on a switch, the interface acts as a Layer 2 bridge, intercepting and safeguarding DHCP messages going to a Layer 2 VLAN. When you enable DHCP snooping on a VLAN, the switch acts as a Layer 2 bridge within a VLAN domain. "

I do not understand : the interface acts as a Layer 2 bridge, intercepting and safeguarding DHCP messages going to a Layer 2 VLAN

Is it to say that DHCP packets are blocked for all vlans by default, and that when you list the vlans that the inspection (regarding trusted and untrusted interface) is done only for those vlans.

For any other vlans not listed, then all DHCp request are blocked ?

Maybe I miss understand. Can someone give me some more information/explaination ?

regards,

Everyone's tags (2)
1 REPLY
Cisco Employee

Re: DHCP snooping without vlan association

Hello,

The link you have included in your post has slightly confused me as well

Nevertheless, this is how I understand it: If you want to deploy the DHCP Snooping, you have first to activate the support on the global level using the ip dhcp snooping command, and subsequently, activate the DHCP Snooping for the selected VLAN using the command ip dhcp snooping vlan N. All other VLANs for which the DHCP Snooping is not activated explicitly are not influenced by the DHCP Snooping and there is no limiting nor protection on the DHCP communication. Only the explicitly specified VLANs will be affected by the DHCP Snooping feature.

Best regards,

Peter

1100
Views
0
Helpful
1
Replies