Wednesday, January 16, 2013

How to Configure DHCP snooping without using DHCP option 82

Configure DHCP snooping without using DHCP option 82

Network Diagram






RT1:

interface GigabitEthernet3/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-20
 switchport mode trunk
 switchport nonegotiate
 logging event link-status
 spanning-tree link-type point-to-point
 spanning-tree guard root
!
interface GigabitEthernet4/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-20
 switchport mode trunk
 switchport nonegotiate
 logging event link-status
 spanning-tree link-type point-to-point
 spanning-tree guard root

SW1

(config)#
! Disable option 82
no ip dhcp snooping information option
! Define VLAN for DHCP snooping
ip dhcp snooping vlan 11
! Enable DHCP snooping on the switch
ip dhcp snooping
!
interface GigabitEthernet0/46
 description uplink toward rt1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
!
interface GigabitEthernet0/48
 description uplink toward sw1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
!
interface GigabitEthernet0/1
 description Access port Client
 ! Access VLAN is the snooped VLAN 11
 switchport access vlan 11
 switchport mode access
 ! Rate limit DHCP messages
 ip dhcp snooping limit rate 10

SW2

(config)#
! Disable option 82
no ip dhcp snooping information option
! Define VLAN for DHCP snooping
ip dhcp snooping vlan 11
! Enable DHCP snooping on the switch
ip dhcp snooping
!
interface GigabitEthernet0/46
 description uplink toward rt1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
!
interface GigabitEthernet0/48
 description uplink toward sw1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
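
The check below is an added example, not part of the original post: a short Python audit of a saved running-config for the settings used above (option 82 disabled, snooping enabled, access ports inside a snooped VLAN, untrusted and rate limited). The function names and the sample config are constructed for illustration.

```python
import re

REQUIRED = ("ip dhcp snooping", "no ip dhcp snooping information option")

# Constructed sample, not from a real device: Gi0/2 is misconfigured.
SAMPLE = """\
no ip dhcp snooping information option
ip dhcp snooping vlan 11,20-22
ip dhcp snooping
interface GigabitEthernet0/46
 switchport mode trunk
 ip dhcp snooping trust
interface GigabitEthernet0/1
 switchport access vlan 11
 switchport mode access
 ip dhcp snooping limit rate 10
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '11,20-22' into a set of ints."""
    out = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return findings for the global settings and each access port."""
    top = {ln.strip() for ln in config.splitlines() if ln[:1] not in ("", " ", "!")}
    snooped = set()
    for ln in top:
        if ln.startswith("ip dhcp snooping vlan "):
            snooped |= expand_vlans(ln.split()[-1])
    out = [f"global: '{g}' missing" for g in REQUIRED if g not in top]
    for m in re.finditer(r"(?m)^interface (\S+)[ \t]*\n((?:[ \t]+.*\n?)*)", config):
        name, cmds = m.group(1), {c.strip() for c in m.group(2).splitlines()}
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks are out of scope here
        vlan = next((int(c.split()[-1]) for c in cmds
                     if c.startswith("switchport access vlan ")), 1)
        if "ip dhcp snooping trust" in cmds:
            out.append(f"{name}: access port is trusted")
        if vlan not in snooped:
            out.append(f"{name}: VLAN {vlan} not snooped")
        if not any(c.startswith("ip dhcp snooping limit rate ") for c in cmds):
            out.append(f"{name}: no rate limit")
    return out
```

Calling audit(SAMPLE) reports GigabitEthernet0/2 twice: its access VLAN is outside the snooped list, and it has no DHCP rate limit.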

Verify



#sh ip dhcp snooping binding

MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:0A:94:FD:01   10.10.1.20       687184      dhcp-snooping   11    GigabitEthernet0/1

Total number of bindings: 1





#show ip dhcp snooping statistics

 Packets Forwarded                                     = 253
 Packets Dropped                                       = 6 # dropped packets from rogue DHCP server
 Packets Dropped From untrusted ports                  = 0




debug ip dhcp snooping event
debug ip dhcp snooping packet






