
ip dhcp snooping on vlan

vishalpatil86
Level 1

Hi,

I have the following configuration on my switch:

 

ALS1(config)# ip dhcp snooping
ALS1(config)# interface range fastethernet 0/7 - 12
ALS1(config-if-range)# ip dhcp snooping trust
ALS1(config-if-range)# exit
ALS1(config)# interface range fastethernet 0/15 - 24
ALS1(config-if-range)# ip dhcp snooping limit rate 20
ALS1(config-if-range)# exit
ALS1(config)# ip dhcp snooping vlan 100,200

 

My question is: why do we have to configure DHCP snooping on the VLAN if we already configured it on the port?

 

Thanks

vish

6 Replies

Jon Marshall
Hall of Fame

Vish

You haven't configured it on the port as such.

First you enable it globally, which you have done.

You then specify which VLANs you want it to run on.

Then at the port level you can specify certain parameters such as is the port a trusted port.

Nowhere in your config above have you specified untrusted ports but the switch knows which they are because you have specified -

1) the vlan to run DHCP snooping on

and

2) the ports that are trusted

so it can work out which ports are untrusted.

Jon

Hi Jon,

Let me rephrase the question.

Why do we need to enable snooping on VLANs? Is it really necessary? If yes, why?

I think it just gives you more flexibility, i.e. you may want to enable DHCP snooping but only for some VLANs.

If you are asking why you need to enable it globally and then per VLAN when you could just enable it per VLAN, I agree with what you are saying.

There are a number of other commands etc. that follow this line, i.e. enable it globally and then per VLAN or per interface etc.

I suspect it may be to do with enabling it globally sets up certain things needed on a system-wide and not a per-VLAN or per-interface basis, but I have wondered that myself sometimes :-)

Jon

OK, I understood what you are trying to say.

But if I don't enable it on the VLAN, does it matter?

I mean, if I am enabling it globally, then I am enabling it on a per-port basis, then do I need to enable it on the VLAN as well?

Rephrasing the question:

If fa0/1-10 are in VLAN 100,

then is enabling snooping on a per-port basis (fa0/1-10) similar to enabling it on VLAN 100?

No, it isn't.

DHCP snooping is not active until you enable it on the vlan so you can't just configure it on the ports.

Jon

Thanks Jon,

This is what I was looking for. So we need to activate it on the VLAN to make it work.

 

 

thanks,

vish
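
The rule discussed in this thread (snooping does nothing on a port until both the global command and the VLAN command cover it, and any port not marked trusted is then untrusted), as an added example that is not part of the original thread: a small Python audit of IOS-style config text. The function names, the `switchport access vlan 100` lines in the sample, and the treatment of every port as an access port are assumptions of this example.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # strips "ALS1(config-if-range)# "
PORTS = re.compile(r"(\D+?)\s*((?:\d+/)+)(\d+)(?:\s*-\s*(\d+))?$")

def expand_vlans(spec):                # "100,200-202" -> {100, 200, 201, 202}
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def expand_ports(spec):                # "fastethernet 0/7 - 12" -> six port names
    m = PORTS.match(spec.strip())
    if not m:                          # e.g. "vlan 100" (an SVI, not a switch port)
        return []
    return [f"{m[1]}{m[2]}{n}" for n in range(int(m[3]), int(m[4] or m[3]) + 1)]

def audit(config_text):
    """Return (active_vlans, {port: 'trusted' | 'untrusted' | 'inactive'})."""
    enabled, vlans, ports, current = False, set(), {}, []
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip()).lower()
        if line == "ip dhcp snooping":                     # global enable
            enabled = True
        elif line.startswith("ip dhcp snooping vlan "):    # per-VLAN activation
            vlans |= expand_vlans(line.split("vlan", 1)[1])
        elif line.startswith("interface "):
            spec = re.sub(r"^interface\s+(range\s+)?", "", line)
            current = [p for part in spec.split(",") for p in expand_ports(part)]
            for p in current:          # assumption: access ports, default VLAN 1
                ports.setdefault(p, {"vlan": 1, "trusted": False})
        elif line.startswith("switchport access vlan "):
            for p in current:
                ports[p]["vlan"] = int(line.split()[-1])
        elif line == "ip dhcp snooping trust":
            for p in current:
                ports[p]["trusted"] = True
        elif line in ("exit", "end", "!"):
            current = []
    active = vlans if enabled else set()   # needs the global AND the VLAN command
    state = lambda p: "trusted" if p["trusted"] else "untrusted"
    return active, {n: state(p) if p["vlan"] in active else "inactive" for n, p in ports.items()}

# Constructed sample: the thread's commands plus an assumed access VLAN per range.
SAMPLE = "\n".join([
    "ip dhcp snooping", "ip dhcp snooping vlan 100,200",
    "interface range fa0/7 - 12", "switchport access vlan 100", "ip dhcp snooping trust",
    "interface range fa0/15 - 24", "switchport access vlan 100"])
```

A port reported as `inactive` sits in a VLAN that snooping does not cover, so DHCP replies on it are not filtered whatever its trust setting.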

 
