Filter
Top Products
20-10
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 20 Configuring DHCP Features and IP Source Guard Features
Configuring DHCP Snooping
• Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the
DHCP server and the DHCP relay agent are configured and enabled.
• Before configuring the DHCP snooping information option on your switch, be sure to configure the
device that is acting as the DHCP server. For example, you must specify the IP addresses that the
DHCP server can assign or exclude, or you must configure DHCP options for these devices.
• When configuring a large number of circuit IDs on a switch, consider the impact of lengthy character
strings on the NVRAM or the flash memory. If the circuit-ID configurations, combined with other
data, exceed the capacity of the NVRAM or the flash memory, an error message appears.
• Before configuring the DHCP relay agent on your switch, make sure to configure the device that is
acting as the DHCP server. For example, you must specify the IP addresses that the DHCP server
can assign or exclude, configure DHCP options for devices, or set up the DHCP database agent.
• If the DHCP relay agent is enabled but DHCP snooping is disabled, the DHCP option-82 data
insertion feature is not supported.
• If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp
snooping trust interface configuration command.
• If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip
dhcp snooping trust interface configuration command.
• Follow these guidelines when configuring the DHCP snooping binding database:
–
Because both NVRAM and the flash memory have limited storage capacity, we recommend that
you store the binding file on a TFTP server.
–
For network-based URLs (such as TFTP and FTP), you must create an empty file at the
configured URL before the switch can write bindings to the binding file at that URL. See the
documentation for your TFTP server to determine whether you must first create an empty file
on the server; some TFTP servers cannot be configured this way.
–
To ensure that the lease time in the database is accurate, we recommend that you enable and
configure NTP. For more information, see the “Configuring NTP” section on page 5-5.
–
If NTP is configured, the switch writes binding changes to the binding file only when the switch
system clock is synchronized with NTP.
• Do not enter the ip dhcp snooping information option allow-untrusted command on an
aggregation switch to which an untrusted device is connected. If you enter this command, an
untrusted device might spoof the option-82 information.
• You can display DHCP snooping statistics by entering the show ip dhcp snooping statistics user
EXEC command, and you can clear the snooping statistics counters by entering the clear ip dhcp
snooping statistics privileged EXEC command.
Note Do not enable Dynamic Host Configuration Protocol (DHCP) snooping on RSPAN VLANs. If
DHCP snooping is enabled on RSPAN VLANs, DHCP packets might not reach the RSPAN
destination port.