Cisco Support Community

LAN dhcp snooping configuration

Hi,

We have a Windows DHCP server running on the existing LAN setup consisting of many L2 and L3 switches. Switches are connected to each other by trunks. We are planning to configure a DHCP server on each switch separately. I need to make sure that once a switch is configured as a DHCP server, all hosts connected to that switch will get an IP address only from that switch. Even if by some chance any host gets an IP from the Windows DHCP server, it will be in a different subnet and it will not be able to communicate with any other device. For that I need to configure DHCP snooping on the trunk port in such a way that it will "NOT accept" any DHCP replies, in our case replies from the Windows DHCP server. In the normal case DHCP replies are accepted only from trunk ports, but in our case it is exactly the opposite.

Please share the experience.

Any link on cisco.com would be highly appreciated.

Thanks in advance.

Subodh

Accepted Solutions

Re: LAN dhcp snooping configuration

Hello Subodh,

>> We are planning to configure DHCP server on each switch separately

Well, let me say this is quite uncommon; centralized DHCP servers have their advantages.

I guess you are in the middle of an address plan migration.

I would consider using ip address secondary on default gateways and resizing current DHCP scopes.

However, if you enable DHCP snooping, it is enough to leave the trunk port untrusted (that is the default) to block DHCP server activity.

See:

interface range GigabitEthernet 1/1 - 2
 ! set the encapsulation before forcing trunk mode
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! leave the trunk untrusted (this is the default)
 no ip dhcp snooping trust

Hope to help

Giuseppe
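
An added example, not part of the thread: one way to check a saved running-config for the state the answer describes, that is, DHCP snooping enabled and no trunk port carrying `ip dhcp snooping trust` (untrusted is the default, so the line is simply absent). The function name `audit_dhcp_snooping` and the sample config are hypothetical and constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread). Gi1/2 is a trunk
# that was mistakenly marked trusted; Gi1/1 carries no trust line (default).
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 10,20
ip dhcp snooping
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip dhcp snooping trust
!
interface GigabitEthernet1/3
 switchport mode access
!
"""

def audit_dhcp_snooping(config):
    """Report global snooping state, snooped VLANs and trusted trunk ports."""
    enabled, vlans, blocks, current = False, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                      # global-level line ends a block
            current = None
            iface = re.match(r"interface (\S+)$", line)
            vlan = re.match(r"ip dhcp snooping vlan ([\d,-]+)$", line)
            if iface:
                current = blocks.setdefault(iface.group(1), set())
            elif vlan:
                vlans.append(vlan.group(1))
            elif line == "ip dhcp snooping":
                enabled = True
        elif current is not None:
            current.add(line)                   # command inside an interface
    trusted_trunks = sorted(
        name for name, cmds in blocks.items()
        if "switchport mode trunk" in cmds and "ip dhcp snooping trust" in cmds
    )
    return {"enabled": enabled, "vlans": vlans, "trusted_trunks": trusted_trunks}

if __name__ == "__main__":
    print(audit_dhcp_snooping(SAMPLE_CONFIG))
```

An empty `trusted_trunks` list only means something when `enabled` is true and the host VLANs appear in `vlans`; without snooping enabled, the untrusted default filters nothing.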
