Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to set-up DHCP-snooping? 1

Status
Not open for further replies.
mlgmartin

mlgmartin

Vendor
Jul 6, 2010
108
PH
Kindly check if the procedure is correct.

5400(config)# dhcp-snooping authorized-server 192.168.10.1
5400(config)# dhcp-snooping trust A1
5400(config)# dhcp-snooping vlan 1
5400(config)# dhcp-snooping

Questions:
1) Do I need to turn off dhcp-snooping option 82?
5400(config)# no dhcp-snooping option 82
2) Under trusted interfaces (step 2), should I include both the uplink and downlink ports?

"It is an equal failing to trust everybody, and to trust nobody.
 
Sort by date Sort by votes
1. If you have Microsoft DHCP servers, then yes you will need to turn off dhcp-snooping option 82 as Microsoft isn't evidently standards compliant on their DHCP and without that option, it will drop all DHCP traffic.

2. Yes. All DHCP server connected ports and all ports that other switches connect on (like you said, all uplink ports)

I provided the link to HP's article about DHCP snooping, but I did not see it mention about the option 82 parameter. Hope that helps.

 
Upvote 0 Downvote
1)
"no dhcp-snooping option 82" is what I have on mine.

2)
yes, both, as it snoops both the request AND the offer.
 
Upvote 0 Downvote
SWITCH1# sh dhcp-snooping stat


Packet type Action Reason Count
----------- ------- ---------------------------- ---------
server forward from trusted port 28
client forward to trusted port 3862
server drop received on untrusted port 0
server drop unauthorized server 0
client drop destination on untrusted port 0
client drop untrusted option 82 field 0
client drop bad DHCP release request 0
client drop failed verify MAC check 0


If you don't disable option 82 snooping, you get this:

SWITCH2# sh dhcp-snooping stat


Packet type Action Reason Count
----------- ------- ---------------------------- ---------
server forward from trusted port 371
client forward to trusted port 3898
server drop received on untrusted port 0
server drop unauthorized server 118
client drop destination on untrusted port 0
client drop untrusted option 82 field 119
client drop bad DHCP release request 0
client drop failed verify MAC check 0
 
Upvote 0 Downvote
My understanding is that "Option 82" is the information added to a client's DHCP request by the "IP Helper" on the router.

I haven't tested it yet, but I'm guessing you could re-enable Option 82 snooping if you first add the router interface as an "authorized-server".
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CHRISH KYLE
  • Locked
  • Question
how to reset netgear router password in hp laptop......
Replies
0
Views
130
CHRISH KYLE
CHRISH KYLE
AlphaMann
  • Locked
  • Question
Enabling DSCP 46 bit set priorization
Replies
0
Views
125
AlphaMann
AlphaMann
starmanjl
  • Locked
  • Question
Can someone direct me to some docum
Replies
1
Views
144
meneerB
meneerB
mattbarkerlfc
  • Locked
  • Question
Cisco to HP config converter
Replies
0
Views
143
mattbarkerlfc
mattbarkerlfc
Wadoki
  • Locked
  • Question
What is the command to enable 3rd party SFP+ transceivers on HP switch?
Replies
0
Views
154
Wadoki
Wadoki

Part and Inventory Search

Sponsor

Back
Top