Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP DHCP SNOOPING

Ladies and Gents,

I am thinking about enabling "ip dhcp snooping" on my 3750G switches and was reading through all the options:  .   I want the option that will protect my network from dhcp snooping but I'm not sure which option to enable.  I am running VLANs on all my switches.  If theres anyone out there that has done this before, I would appreciate it.

Thanks

Alfred

1 ACCEPTED SOLUTION

Accepted Solutions
Green

IP DHCP SNOOPING

Alfred,

Here is a config that turns on DHCP snooping.
The DHCP server is on interface G1/0/10 and this is the only trused port.
All other ports are untrusted therefore DHCP responses like DHCPOFFER from untrusted ports are dropped.

You can read all about DHCP snooping in the config guide.
Here the link to IOS ver 12.2.55SE:-
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swdhcp82.html#wp1058138


config t
!
ip dhcp snooping
!
ip dhcp snooping vlan 3-6,10-20
!
interface g1/0/10
description MY DHCP SERVER
ip dhcp snooping trust
!

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
4 REPLIES
Green

IP DHCP SNOOPING

Alfred,

Here is a config that turns on DHCP snooping.
The DHCP server is on interface G1/0/10 and this is the only trused port.
All other ports are untrusted therefore DHCP responses like DHCPOFFER from untrusted ports are dropped.

You can read all about DHCP snooping in the config guide.
Here the link to IOS ver 12.2.55SE:-
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swdhcp82.html#wp1058138


config t
!
ip dhcp snooping
!
ip dhcp snooping vlan 3-6,10-20
!
interface g1/0/10
description MY DHCP SERVER
ip dhcp snooping trust
!

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
New Member

IP DHCP SNOOPING

Hi Alex,

Thanks mcuh for the info.  I have enabled per your config.

What about clients on the same switch, do I need to enable "ip DHCP snooping trust" also?

Thanks

Alfred

Green

IP DHCP SNOOPING

Alfred,

In short NO

You only trust the interfaces that connected the DHCP servers.

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
New Member

IP DHCP SNOOPING

Alex,

Thansk again!

Alfred

146
Views
0
Helpful
4
Replies
CreatePlease login to create content