
DHCP snooping

NorthgateIS
Level 1

Trying to run DHCP snooping on a 2960. Using DOT1X to assign PCs into VLANs for healthy, quarantine, guest etc. but only VLAN 1 has an interface and IP address assigned.

When trying to use the "ip dhcp snooping vlan XXX" command the VLANs are shown in the config, but doing a "show ip dhcp snooping" only ever shows VLAN 1.

Anyone aware of a way to resolve this apart from adding VLAN interfaces and possibly ip addresses to them?

Thanks

1 Reply

bjw
Level 4

There's Dynamic VLAN membership DVMP.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35sa6/eescg/mascvmps.htm

But remember, DVMP is used to ensure specific Layer 2 addresses are assigned to specific VLANs. And the VLANs have to exist. (VLAN 1 always exists.)

If you are using multiple VLANs you might want to make 1 upstream Layer 2 device a VTP domain server; there you would create all the VLAN interfaces which you need, and use VTP clients to shake the VLANs down to downstream switches.

So to answer your question: yes, a VLAN is a Layer 2 broadcast domain and must exist somewhere if it is to be used. You don't have to give it an IP address, but I really can't imagine many reasons I would keep things strictly at Layer 2. That of course depends on your IP addressing schema and physical architecture.

Bill
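
The reply's point that a VLAN has to exist before it can be used can be checked offline. The following is an added example, not part of the original thread: it compares the VLANs named on `ip dhcp snooping vlan` lines of a running-config with the VLANs that `show vlan brief` reports as active. The sample outputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample output, not taken from the switch in the thread.
RUNNING_CONFIG = """\
ip dhcp snooping vlan 1,10,20-22
ip dhcp snooping
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ----------------
1    default                          active    Fa0/1, Fa0/2
10   healthy                          active    Fa0/3
20   quarantine                       active
1002 fddi-default                     act/unsup
"""


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,10,20-22' into a set of ints."""
    vlans = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def snooping_vlans(running_config):
    """VLANs named on 'ip dhcp snooping vlan <list>' lines."""
    vlans = set()
    for m in re.finditer(r"^ip dhcp snooping vlan ([\d,-]+)\s*$", running_config, re.M):
        vlans |= expand_vlan_list(m.group(1))
    return vlans


def existing_vlans(show_vlan_brief):
    """IDs of VLANs that 'show vlan brief' reports as active."""
    vlans = set()
    for line in show_vlan_brief.splitlines():
        m = re.match(r"(\d+)\s+\S+\s+(\S+)", line)
        if m and m.group(2) == "active":
            vlans.add(int(m.group(1)))
    return vlans


def missing_snooping_vlans(running_config, show_vlan_brief):
    """Snooping VLANs that are configured but not in the VLAN database."""
    return sorted(snooping_vlans(running_config) - existing_vlans(show_vlan_brief))
```

With the constructed input, VLANs 21 and 22 are reported as configured for snooping but absent from the VLAN database.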
