1-13
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-25303-03
Chapter 1 Configuring DHCP Features and IP Source Guard
Configuring DHCP Features
Step 5
ip dhcp snooping information option
format remote-id [string ASCII-string |
hostname]
(Optional) Configure the remote-ID suboption.
You can configure the remote ID as:
• String of up to 63 ASCII characters (no spaces)
• Configured hostname for the switch
Note If the hostname is longer than 63 characters, it is truncated to 63
characters in the remote-ID configuration.
The default remote ID is the switch MAC address.
Step 6
ip dhcp snooping information option
allow-untrusted
(Optional) If the switch is an aggregation switch connected to an edge
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
The default setting is disabled.
Note Enter this command only on aggregation switches that are
connected to trusted devices.
Step 7
interface interface-id Specify the interface to be configured, and enter interface configuration
mode.
Step 8
ip dhcp snooping vlan vlan information
option format-type circuit-id
[override] string ASCII-string
(Optional) Configure the circuit-ID suboption for the specified interface.
Specify the VLAN and port identifier, using a VLAN ID in the range of 1
to 4094. The default circuit ID is the port identifier, in the format
vlan-mod-port.
You can configure the circuit ID to be a string of 3 to 63 ASCII characters
(no spaces).
(Optional) Use the override keyword when you do not want the
circuit-ID suboption inserted in TLV format to define subscriber
information.
Step 9
ip dhcp snooping trust (Optional) Configure the interface as trusted or untrusted. Use the no
keyword to configure an interface to receive messages from an untrusted
client. The default setting is untrusted.
Step 10
ip dhcp snooping limit rate rate (Optional) Configure the number of DHCP packets per second that an
interface can receive. The range is 1 to 2048. By default, no rate limit is
configured.
Note We recommend an untrusted rate limit of not more than 100
packets per second. If you configure rate limiting for trusted
interfaces, you might need to increase the rate limit if the port is
a trunk port assigned to more than one VLAN with DHCP
snooping.
Step 11
exit Return to global configuration mode.
Step 12
ip dhcp snooping verify mac-address (Optional) Configure the switch to verify that the source MAC address in
a DHCP packet received on untrusted ports matches the client hardware
address in the packet. The default is to verify that the source MAC
address matches the client hardware address in the packet.
Step 13
end Return to privileged EXEC mode.
Command Purpose