19-7
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 19 Configuring DHCP Features
Configuring DHCP Features
• If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip
dhcp snooping trust interface configuration command.
• Do not enter the ip dhcp snooping information option allow-untrusted command on an
aggregation switch to which an untrusted device is connected. If you enter this command, an
untrusted device might spoof the option-82 information
Configuring the DHCP Server
The Catalyst 2955 switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay
agent features are enabled on your switch but are not configured. These features are not operational.
For procedures to configure the switch as a DHCP server, see the “Configuring DHCP” section of the
“IP addressing and Services” section of the Cisco IOS IP and IP Routing Configuration Guide,
Release 12.1.
Enabling DHCP Snooping and Option 82
Beginning in privileged EXEC mode, follow these steps to enable DHCP snooping on the switch.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip dhcp snooping Enable DHCP snooping globally.
Step 3
ip dhcp snooping vlan vlan-range Enable DHCP snooping on a VLAN or range of VLANs. The range is 1
to 4094.
You can enter a single VLAN ID identified by VLAN ID number, a series
of VLAN IDs separated by commas, a range of VLAN IDs separated by
hyphens, or a range of VLAN IDs separated by entering the starting and
ending VLAN IDs separated by a space.
Step 4
ip dhcp snooping information option Enable the switch to insert and remove DHCP relay information
(option-82 field) in forwarded DHCP request messages to the DHCP
server.
The default is enabled.
Step 5
ip dhcp snooping information option
allow-untrusted
(Optional) If the switch is an aggregation switch connected to an edge
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
The default is disabled.
Note You must enter this command only on aggregation switches that
are connected to trusted devices.
Step 6
interface interface-id Enter interface configuration mode, and specify the interface to be
configured.
Step 7
ip dhcp snooping trust (Optional) Configure the interface as trusted or untrusted. You can use the
no keyword to configure an interface to receive messages from an
untrusted client. The default is untrusted.
To Next Page
Loading...
