Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
4
Replies

IP DHCP SNOOPING

Go to solution
dacruzer1
Level 1
Level 1

‎07-09-2013 02:44 PM - edited ‎03-07-2019 02:19 PM

Ladies and Gents,

I am thinking about enabling "ip dhcp snooping" on my 3750G switches and was reading through all the options:  .   I want the option that will protect my network from dhcp snooping but I'm not sure which option to enable.  I am running VLANs on all my switches.  If theres anyone out there that has done this before, I would appreciate it.

Thanks

Alfred

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎07-09-2013 05:30 PM

Alfred,

Here is a config that turns on DHCP snooping.
The DHCP server is on interface G1/0/10 and this is the only trused port.
All other ports are untrusted therefore DHCP responses like DHCPOFFER from untrusted ports are dropped.

You can read all about DHCP snooping in the config guide.
Here the link to IOS ver 12.2.55SE:-
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swdhcp82.html#wp1058138


config t
!
ip dhcp snooping
!
ip dhcp snooping vlan 3-6,10-20
!
interface g1/0/10
description MY DHCP SERVER
ip dhcp snooping trust
!

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎07-09-2013 05:30 PM

Alfred,

Here is a config that turns on DHCP snooping.
The DHCP server is on interface G1/0/10 and this is the only trused port.
All other ports are untrusted therefore DHCP responses like DHCPOFFER from untrusted ports are dropped.

You can read all about DHCP snooping in the config guide.
Here the link to IOS ver 12.2.55SE:-
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swdhcp82.html#wp1058138


config t
!
ip dhcp snooping
!
ip dhcp snooping vlan 3-6,10-20
!
interface g1/0/10
description MY DHCP SERVER
ip dhcp snooping trust
!

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
0 Helpful

Go to solution
dacruzer1
Level 1
Level 1
In response to acampbell

‎07-11-2013 08:15 AM

Hi Alex,

Thanks mcuh for the info.  I have enabled per your config.

What about clients on the same switch, do I need to enable "ip DHCP snooping trust" also?

Thanks

Alfred

0 Helpful

Go to solution
acampbell
VIP Alumni
VIP Alumni
In response to dacruzer1

‎07-11-2013 10:49 AM

Alfred,

In short NO

You only trust the interfaces that connected the DHCP servers.

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
0 Helpful

Go to solution
dacruzer1
Level 1
Level 1
In response to acampbell

‎07-11-2013 10:53 AM

Alex,

Thansk again!

Alfred

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card