I need to configure DHCP snooping on my Catalyst 3560 switch. I did that, but I have the following questions:
- All access ports "to clients" must be untrusted, and the untrusted state is determined by the limit rate command, and as I read, Cisco recommends a limit rate of 100, right?
- For the remote sites, I have PCs and Cisco IP Phones. I have configured a trunk link from the switch to the router "gateway", with subinterfaces on the router Ethernet ports for inter-VLAN routing and the ip helper command on the router subinterfaces. I think when DHCP snooping is enabled on the remote site switch, I will see the DHCP snooping binding table, right? But in my case I can't see it. Is it required to configure the ip helper-address on the switch, i.e. the switch will be the gateway for both the PCs and the IP phones using SVIs, and assign the ip helper-address on the SVI to see the binding table?
- I think the binding table is required in order to configure dynamic ARP inspection and IP source guard, right?
OK, I will add this interface command and update you. But is it necessary for the ip helper address to be on the switch itself? Or can the switch detect the DHCP traffic and build the binding table?
Since I have a topology at my remote sites where the PCs and the IP Phones are connected to the switch with Data and Voice VLANs and their gateway is the subinterface on the router, i.e. the ip helper address is set on this subinterface, not on the switch itself.
IP helper needs to be specified only on routed or VLAN interfaces for DHCP traffic to pass them. You can't use ip helper in a layer 2 environment, and it makes no sense to.
The binding table is constructed only when DHCP traffic _is_ passing the switch. If you have the DHCP server behind a router that does not pass DHCP traffic, then DHCP will not work on your network and the binding table will be empty.
Sure, it makes no sense to put the ip helper on a layer 2 interface; this is not my question.
I have PCs connected to Cisco IP phones, and these phones are connected to a Cisco 3560 switch, and I have a trunk link to a Cisco router. On this router, two subinterfaces are created for the two VLANs on the switch, "data and voice", and I set the ip helper on the subinterfaces on the router. The PCs will broadcast asking for an IP address, this broadcast request will be delivered to the router, and the router will pass it to the DHCP server "ip helper command". Now, I'm checking my switch, and the binding table is empty. I think the switch will recognize the DHCP traffic and build that binding table, right? Also, is this command "ip dhcp relay information trusted" required on the router subinterface with the ip helper command?
Another question: I think by default the interfaces will be untrusted, right? Is it required to rate limit DHCP packets on these interfaces or not? I did the rate limit, and sometimes the Cisco IP phone doesn't get an IP address unless I remove the rate limit command or disable DHCP snooping on the switch "global".
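
An added example, not taken from any post in this thread: a switch and router configuration for the topology described above (layer 2 Catalyst 3560, trunk to a router that relays DHCP from its subinterfaces). The VLAN IDs, interface names and addresses are assumptions; the rate of 100 is the figure quoted in the first post.

```cisco
! Constructed example. VLAN IDs (10 data, 20 voice), interface names and
! addresses are assumptions, not values from the thread.
!
! --- Catalyst 3560: layer 2 only, no SVI gateway, no ip helper-address ---
ip dhcp snooping
! Snooping is active only on the VLANs listed here; other VLANs build no bindings.
ip dhcp snooping vlan 10,20
!
interface GigabitEthernet0/1
 description Trunk to router (path towards the DHCP server)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Server replies (OFFER/ACK) are accepted only on trusted ports.
 ip dhcp snooping trust
!
interface FastEthernet0/5
 description IP phone with a PC behind it
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! Untrusted is the default port state; the rate limit is a separate setting
 ! (DHCP packets per second). Exceeding it err-disables the port.
 ip dhcp snooping limit rate 100
!
! --- Router: gateway and DHCP relay on the subinterfaces ---
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.0.2.1 255.255.255.128
 ip helper-address 198.51.100.10
 ! The snooping switch inserts option 82 by default while giaddr is still 0;
 ! the relay drops such requests unless the receiving interface is trusted.
 ip dhcp relay information trusted
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.0.2.129 255.255.255.128
 ip helper-address 198.51.100.10
 ip dhcp relay information trusted
!
! --- Verification on the switch (exec mode) ---
! show ip dhcp snooping
! show ip dhcp snooping binding
```

The alternative to trusting option 82 on the router is `no ip dhcp snooping information option` on the switch, which stops the insertion at the source. Bindings appear in `show ip dhcp snooping binding` only for leases obtained after snooping was enabled on the VLAN.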