Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP Snooping

I am setting up DHCP Snooping and I am looking at the configuration guide for the 6500 series switch. These are the steps that they show:

Step 1

Add DHCP snooping to the VACL.

set security acl ip acl_name permit dhcp-snooping

Step 2

Configure the VACL to allow DHCP snooping from all hosts.

set security acl ip acl_name permit ip any any

Step 3

Save the VACL.

commit security acl acl_name

Step 4

Add an ACL to a VLAN.

set security acl map acl_name 10

What I want to know is if I make this access list will the other "set security acl" entries that I already have be overwritten? Also, for the "ip permit any any", this will make it so that all the hosts are are bound by dhcp-snoop right?


Re: DHCP Snooping

Since the named access-list used for snooping and security will be different, it will not be overwritten.

Access-list are not overwritten when you add statements but they just get appended at the end. You need to be careful while removing statements.

HTH, rate if it does