
Cisco Catalyst 4500 Series Administration Guide

1814 pages
53-12
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 53 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
Configuring DHCP Snooping
This example shows how to configure the Option 82 circuit-ID override suboption:
Switch(config-if)# ip dhcp snooping vlan 250 information option format-type circuit-id override string testcustomer
Enabling DHCP Snooping on Private VLAN
DHCP snooping can be enabled on private VLANs, which provide isolation between Layer 2 ports
within the same VLAN. If DHCP snooping is enabled (or disabled), the configuration is propagated to
both the primary VLAN and its associated secondary VLANs. You cannot enable (or disable) DHCP
snooping on a primary VLAN without reflecting this configuration change on the secondary VLANs.
Configuring DHCP snooping on a secondary VLAN is still allowed, but it does not take effect if the
associated primary VLAN is already configured. If the associated primary VLAN is configured, the
effective DHCP snooping mode on the secondary VLAN is derived from the corresponding primary
VLAN. Manually configuring DHCP snooping on a secondary VLAN causes the switch to issue this
warning message:
DHCP Snooping configuration may not take effect on secondary vlan XXX
The show ip dhcp snooping command displays all VLANs (both primary and secondary) that have
DHCP snooping enabled.
Configuring DHCP Snooping on Private VLAN
DHCP snooping, IPSG, and DAI are Layer 2-based security features that can be enabled and disabled
on an individual VLAN, including an auxiliary or voice VLAN. You need to enable DHCP snooping on a
voice VLAN for a Cisco IP phone to function properly.
Configuring DHCP Snooping with an Ethernet Channel Group
When you configure DHCP snooping, you need to configure trunk interfaces that transmit DHCP packets
as trusted interfaces by adding ip dhcp snooping trust to the physical interface configuration. However,
if DHCP packets will be transmitted over an Ethernet channel group, you must configure
ip dhcp snooping trust on the logical port channel interface, for example:
Switch# show run int port-channel50
Building configuration...
Current configuration : 150 bytes
!
interface Port-channel50
 switchport
 switchport trunk native vlan 4092
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
end
Switch#
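Added example (not from the Cisco guide): a Python check that audits a saved running-config for the mistake described above, where ip dhcp snooping trust sits on a channel-group member instead of the logical port-channel interface. The sample config, the function names and the TRUST constant are constructed for illustration, and member links are assumed to use the standard IOS "channel-group N mode ..." form.

```python
import re

TRUST = "ip dhcp snooping trust"

# Constructed sample running-config (not from the guide): Po60 is trusted only on a member.
SAMPLE_CONFIG = """\
interface Port-channel50
 ip dhcp snooping trust
!
interface Port-channel60
!
interface GigabitEthernet1/1
 channel-group 50 mode active
!
interface GigabitEthernet1/2
 channel-group 60 mode active
 ip dhcp snooping trust
!
interface GigabitEthernet1/3
 ip dhcp snooping trust
end
"""

def parse_interfaces(config):
    """Map each interface name to the commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        m = re.match(r"interface\s+(\S+)", text)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif text.startswith("!") or text == "end":
            current = None  # stanza separator
        elif current is not None:
            current.append(text)
    return stanzas

def misplaced_trust(config):
    """Return (member, port_channel) pairs where trust is set on the member only."""
    stanzas = parse_interfaces(config)
    findings = []
    for name, cmds in stanzas.items():
        hits = (re.match(r"channel-group\s+(\d+)", c) for c in cmds)
        group = next(filter(None, hits), None)
        if group and TRUST in cmds:
            po = "Port-channel" + group.group(1)
            if TRUST not in stanzas.get(po, []):
                findings.append((name, po))
    return findings
```

Calling misplaced_trust(SAMPLE_CONFIG) returns the one offending pair, GigabitEthernet1/2 and Port-channel60; the stand-alone trusted trunk GigabitEthernet1/3 is not flagged because it is not a channel member.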

Cisco Catalyst 4500 Series Specifications

General
Series: Catalyst 4500 Series
Category: Switch
Layer Support: Layer 2, Layer 3
Form Factor: Modular chassis
Stackable: No
Chassis Slots: 3, 6, 7, 10
Power Supply Options: AC, DC
Redundancy: Power supply, Supervisor engine
Network Management: Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features: Security, QoS
Port Density: Up to 384 ports per chassis
Security Features: 802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine: 8-E
