04-20-2009 11:02 PM - edited 03-04-2019 04:26 AM
Hi all,
If I have 2 new 2960 switches (Sw1, Sw2) connected together with G0/1, the real DHCP
server is connected to Sw1 port 1, and an unauthorized DHCP server is connected to Sw2 port 1,
what command do I need to use to turn on DHCP snooping to stop the unauthorized DHCP server (Sw2, port 1) from allocating IP addresses to other DHCP clients?
Also, how can DHCP clients get an IP address from the authorized DHCP server (Sw1 port 1)?
Thanks for your help
04-21-2009 12:11 AM
Hi Jack IP, Are you IPv4 or IPv6? (grin)
Let's assume you are using VLAN_1 for servers and clients.
Switch1:
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 1
Switch(config)# ip dhcp snooping information option
--FOR THE DHCP SERVER--
Switch(config)#int f0/1
Switch(config-if)#ip dhcp snooping trust
--FOR THE UPLINK(TRUNK) PORT--
Switch(config)#int g0/1
Switch(config-if)#ip dhcp snooping trust
Switch2:
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 1
Switch(config)# ip dhcp snooping information option
--FOR THE UPLINK(TRUNK) PORT--
Switch(config)#int g0/1
Switch(config-if)#ip dhcp snooping trust
Let's check this link for more information.
HTH,
Toshi
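An added example, not part of the thread and not Cisco code: a simplified Python model of the trust decision that the configuration above sets up, showing why a server reply entering Sw2 on an untrusted access port is dropped while the real server's reply crosses the trusted g0/1 uplink. The config excerpts are constructed, the unauthorized server is assumed to sit on FastEthernet0/1 of Sw2, and rate limiting, binding checks and Option 82 handling are not modelled.

```python
import re

# DHCP message types that only a server sends.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

# Constructed config excerpts modelled on the commands in the reply above.
SW1_CONFIG = """ip dhcp snooping
ip dhcp snooping vlan 1
interface FastEthernet0/1
 ip dhcp snooping trust
interface GigabitEthernet0/1
 ip dhcp snooping trust
"""
SW2_CONFIG = """ip dhcp snooping
ip dhcp snooping vlan 1
interface FastEthernet0/1
interface GigabitEthernet0/1
 ip dhcp snooping trust
"""

def parse_snooping(config):
    """Return (globally_enabled, snooped_vlans, trusted_interfaces)."""
    enabled, vlans, trusted, current = False, set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip dhcp snooping":
            enabled = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan ([\d,\-]+)", line):
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "ip dhcp snooping trust" and current:
            trusted.add(current)
    return enabled, vlans, trusted

def permits(config, ingress, vlan, message):
    """Would the switch forward this DHCP message received on `ingress`?"""
    enabled, vlans, trusted = parse_snooping(config)
    if not enabled or vlan not in vlans:
        return True  # snooping inactive on this VLAN: nothing is filtered
    # Server replies are accepted only on trusted ports; client messages pass.
    return message not in SERVER_MESSAGES or ingress in trusted

def path_ok(hops, vlan, message):
    """hops: (config, ingress_port) pairs in the order the message crosses them."""
    return all(permits(cfg, port, vlan, message) for cfg, port in hops)
```

If the uplink trust line is missing on Sw2, the same model shows the authorized server's offers being dropped on arrival there, which is why both replies stress trusting g0/1 on both switches.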
04-21-2009 01:22 AM
Not many DHCP servers support the insertion of Option 82 information so you will probably want to disable this feature:
no ip dhcp snooping information option
Certainly if the servers are Windows 2003 or earlier then they definitely won't work if this is enabled. Other than that Toshi's reply is sound - trusting needs to be on the layer-2 uplinks and the port where the actual server is connected.
Andy
04-21-2009 02:02 AM
Andrew,
I thought that option would be used for DHCP relay agent packets. In this case it's not. I'm not sure why Cisco puts this on by default.
However, thanks for pointing out this issue.
5P! Andy
Toshi
04-21-2009 03:49 AM
Option 82 insertion is where the switch inserts the physical interface information into the DHCP request along with the source MAC address. I think it is more useful in a cable/broadband network where you want to know more information regarding your subscribers.
Reasonable explanation here:
I am not sure which Cisco DHCP servers understand it, but as for MS, only Server 2008 supports it; however, I have never configured it.
Andy