20-5
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 20 Configuring DHCP Features and IP Source Guard Features
Understanding DHCP Snooping
• The DHCP server receives the packet. If the server is option-82-capable, it can use the remote ID,
the circuit ID, or both to assign IP addresses and implement policies, such as restricting the number
of IP addresses that can be assigned to a single remote ID or circuit ID. Then the DHCP server
echoes the option-82 field in the DHCP reply.
• The DHCP server unicasts the reply to the switch if the request was relayed to the server by the
switch. The switch verifies that it originally inserted the option-82 data by inspecting the remote ID
and possibly the circuit ID fields. The switch removes the option-82 field and forwards the packet
to the switch port that connects to the DHCP client that sent the DHCP request.
When the described sequence of events occurs, the values in these fields in Figure 20-2 do not change:
• Circuit-ID suboption fields
–
Suboption type
–
Length of the suboption type
–
Circuit-ID type
–
Length of the circuit-ID type
• Remote-ID suboption fields
–
Suboption type
–
Length of the suboption type
–
Remote-ID type
–
Length of the remote-ID type
In the port field of the circuit-ID suboption, the port numbers start at 3. For example, on a switch with
24 10/100 ports and small form-factor pluggable (SFP) module slots, port 3 is the Fast Ethernet x/0/1
port, port 4 is the Fast Ethernet x/0/2 port, and so forth, where x is the stack member number. Port 27 is
the SFP module slot x/0/1, and so forth.
Figure 20-2 shows the packet formats for the remote-ID suboption and the circuit-ID suboption. For the
circuit-ID suboption, the module number corresponds to the switch number in the stack. The switch uses
the packet formats when you globally enable DHCP snooping and enter the ip dhcp snooping
information option global configuration command.