New Member

DHCP SNOOPING

Dear all

I want to know: what if the DHCP server resides on the Cisco router or Cisco switch itself?

Then what issues must be considered for DHCP snooping or IP Source Guard?

1 REPLY
Hall of Fame Super Silver

Re: DHCP SNOOPING

Hello Hani,

If the switch is acting as a DHCP server with DHCP address pools defined on it, you can still deploy DHCP snooping and IP source guard.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swdhcp82.html#wp1294275

When the DHCP server is external and the switch acts as a DHCP relay, to implement DHCP snooping and IP source guard you need to configure the uplinks as trusted ports, otherwise clients cannot get IP addresses via the external DHCP (the security features will not accept multiple DHCP messages on the same untrusted port, hence the need to trust uplink ports or the port where the DHCP server is connected).

With an internal server this problem should be overcome; however, uplinks need to be excluded from IP source guard checks because potentially the source IP address of received packets is any possible value.

Hope to help

Giuseppe
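
The trusted-uplink arrangement described in the reply above, written out as Catalyst IOS configuration. This is an added example, not part of the original thread; VLAN 10, the access port range and the uplink interface number are assumed values.

```ios
! Constructed example: VLAN 10, Gi1/0/1-24 and Gi1/0/49 are assumptions.
!
! Enable DHCP snooping globally and on the client VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Uplink toward the external DHCP server: trusted, so DHCP server
! replies arriving here are accepted. IP source guard is NOT enabled
! on this port, because source addresses of packets received on an
! uplink can be any value.
interface GigabitEthernet1/0/49
 ip dhcp snooping trust
!
! Client access ports: untrusted (the default). DHCP requests are
! rate-limited and IP source guard filters traffic against the
! DHCP snooping binding table.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
 ip verify source
!
! Checks to run from privileged EXEC after clients have renewed leases:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show ip verify source
```

Clients that already held a lease before snooping was enabled have no binding entry, so enable `ip verify source` only after they have renewed or a static binding exists.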
