Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

dhcp snooping

hi together,

i've a design-problem with dhcp snooping.

when i've all the users connected to access-switches and routing defined on the distribution switches there is no problem because i can use the "ip dhcp relay information trusted" command on the vlan interfaces of the distribution-switches to get it working.

the problem occurs when i also have users connected to the distribution switch.

when enabling dhcp snooping all the dhcp relay-commands are refused by default.

so all the users at the access-switches aren't provided with dhcp any more.

so how can get dhcp-snooping working for both, users at access-switches and users at distribution switches at the same time ?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: dhcp snooping

In our network we have DHCP snooping working without using "ip dhcp relay information trust".

To configure DHCP snooping we basically trust all links between switches (trunks) and don't trust anything connected to an access port (except the DHCP server).

All you should need to do is the following:

1. On all of your switches enable DHCP snooping as follows:

ip dhcp snooping

ip dhcp snooping vlan 1 4094

2. On your distribution switch:

a) configure "ip dhcp snooping trust" on all of the ports to switch your access switches are connected.

b) configure "ip dhcp snooping trust" on the port to which your DHCP server is connected, or if it is not connected to the Distribution configure "ip dhcp snooping trust" on the uplink that links to the DHCP server (e.g. your core switch)

3. On your access switches:

a) Configure "ip dhcp snooping trust" on the ports connected to your distribution switch.

2 REPLIES

Re: dhcp snooping

In our network we have DHCP snooping working without using "ip dhcp relay information trust".

To configure DHCP snooping we basically trust all links between switches (trunks) and don't trust anything connected to an access port (except the DHCP server).

All you should need to do is the following:

1. On all of your switches enable DHCP snooping as follows:

ip dhcp snooping

ip dhcp snooping vlan 1 4094

2. On your distribution switch:

a) configure "ip dhcp snooping trust" on all of the ports to switch your access switches are connected.

b) configure "ip dhcp snooping trust" on the port to which your DHCP server is connected, or if it is not connected to the Distribution configure "ip dhcp snooping trust" on the uplink that links to the DHCP server (e.g. your core switch)

3. On your access switches:

a) Configure "ip dhcp snooping trust" on the ports connected to your distribution switch.

New Member

Re: dhcp snooping

thank's for your help

that's exactly what i was looking for :-)

153
Views
10
Helpful
2
Replies