Cisco Support Community

DHCP snooping in 2960 switch

Hi all,

If I have 2 x new 2960 switches (Sw1, Sw2) connected together with G0/1, the real DHCP server is connected to Sw1 port 1, and an unauthorized DHCP server is connected to Sw2 port 1:

What command do I need to use to turn on DHCP snooping to stop the unauthorized DHCP server (Sw2, port 1) from allocating IP addresses to other DHCP clients?

Also, how can a DHCP client get an IP address from the authorized DHCP server (Sw1 port 1)?

Thanks for your help

4 REPLIES

Re: DHCP snooping in 2960 switch

Hi Jack IP, Are you IPv4 or IPv6? (grin)

Let's assume you are using VLAN_1 for servers and clients.

Switch1:

Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan 1

Switch(config)# ip dhcp snooping information option

--FOR THE DHCP SERVER--

Switch(config)#int f0/1

Switch(config-if)#ip dhcp snooping trust

--FOR THE UPLINK(TRUNK) PORT--

Switch(config)#int g0/1

Switch(config-if)#ip dhcp snooping trust

Switch2:

Switch(config)# ip dhcp snooping

Switch(config)# ip dhcp snooping vlan 1

Switch(config)# ip dhcp snooping information option

--FOR THE UPLINK(TRUNK) PORT--

Switch(config)#int g0/1

Switch(config-if)#ip dhcp snooping trust

Let's check this link for more information.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swdhcp82.html

HTH,

Toshi

Re: DHCP snooping in 2960 switch

Not many DHCP servers support the insertion of Option 82 information so you will probably want to disable this feature:

no ip dhcp snooping information option

Certainly if the servers are Windows 2003 or earlier then they definitely won't work if this is enabled. Other than that Toshi's reply is sound - trusting needs to be on the layer-2 uplinks and the port where the actual server is connected.

Andy

Re: DHCP snooping in 2960 switch

Andrew,

I thought that option would be used for DHCP relay agent packets. In this case it's not. I'm not sure why Cisco puts this on by default.

However, thanks for letting me know about this issue.

5P! Andy

Toshi

Re: DHCP snooping in 2960 switch

Option 82 insertion is where the switch inserts the physical interface information into the DHCP request along with the source MAC address. I think it is more useful in a cable/broadband network where you want to know more information regarding your subscribers.

Reasonable explanation here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/dhcp.html#wp1128786

I am not sure what Cisco DHCP servers understand it, but as for MS, only Server 2008 supports it; however, I have never configured it.

Andy
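Added example (not part of any reply in the thread, and not Cisco code): a simplified Python model of the ingress checks DHCP snooping applies, run over the trust settings given in the replies. The client port f0/5, the reading of "port 1" as f0/1, and the reduced rule set (server messages, Option 82 and a non-zero giaddr are dropped on untrusted ports) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # messages only a DHCP server should send

@dataclass(frozen=True)
class Frame:
    msg_type: str
    giaddr: str = "0.0.0.0"
    option82: bool = False

# Trust settings from the thread: the server port and both ends of the G0/1 link.
THREAD_TRUST = frozenset({("Sw1", "f0/1"), ("Sw1", "g0/1"), ("Sw2", "g0/1")})

def ingress_check(switch, port, frame, trusted=THREAD_TRUST):
    """Return (accepted, reason) for a DHCP frame arriving on switch/port."""
    if (switch, port) in trusted:
        return True, "trusted port"
    if frame.msg_type in SERVER_MSGS:
        return False, "server message on untrusted port"
    if frame.option82 or frame.giaddr != "0.0.0.0":
        return False, "option 82 or giaddr on untrusted port"
    return True, "client message"

def walk(hops, frame, trusted=THREAD_TRUST, insert_option82_on=()):
    """Carry a frame through a list of ingress (switch, port) hops."""
    for switch, port in hops:
        ok, reason = ingress_check(switch, port, frame, trusted)
        if not ok:
            return False, f"{switch} {port}: {reason}"
        # With 'ip dhcp snooping information option' enabled, the switch tags
        # client frames that it receives on its untrusted ports.
        if (switch in insert_option82_on and (switch, port) not in trusted
                and frame.msg_type not in SERVER_MSGS):
            frame = replace(frame, option82=True)
    return True, "delivered"

if __name__ == "__main__":
    # Constructed scenarios: rogue server on Sw2, real server on Sw1, client on Sw2.
    print(walk([("Sw2", "f0/1")], Frame("OFFER")))
    print(walk([("Sw1", "f0/1"), ("Sw2", "g0/1")], Frame("OFFER")))
    print(walk([("Sw2", "f0/5"), ("Sw1", "g0/1")], Frame("DISCOVER"),
               insert_option82_on={"Sw2"}))
```

Passing a different `trusted` set shows the failure modes: without trust on Sw2 g0/1 the real server's offers are dropped, and without trust on Sw1 g0/1 the Option 82 tagged client request is dropped at Sw1.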
