DHCP Snooping Help

amwtpCisco · ‎05-02-2006

Hello,

I am trying to enable DHCP snooping on one of my access switches. I have completed the following:

1. The DHCP snooping database file is specified on the switch (tftp to a server) and connectivity is verified (the switch has written its header to the file).

2. Specified my uplink port as trusted.

3. Globally activated DHCP snooping

4. Activated DHCP snooping for the vlan that end users are connecting to.

After that when users connect they get no DHCP services at all. There are no indication or log events on the switch to indicate that there are any problems, but also no bindings show.

Is there something I'm missing?

Thanks in advance for any help.

--Brian D. Zieroth

pradeepde · ‎05-09-2006

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network. The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008011c8ac.html#1073418