2-147
Catalyst 3560 Switch Command Reference
78-16405-05
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands
ip dhcp snooping information option allow-untrusted
ip dhcp snooping information option allow-untrusted
Use the ip dhcp snooping information option allow-untrusted global configuration command on an
aggregation switch to configure it to accept DHCP packets with option-82 information that are received
on untrusted ports that might be connected to an edge switch. Use the no form of this command to return
to the default setting.
ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option allow-untrusted
Syntax Description This command has no arguments or keywords.
Defaults The switch drops DHCP packets with option-82 information that are received on untrusted ports that
might be connected to an edge switch.
Command Modes Global configuration
Command History
Usage Guidelines You might want an edge switch to which a host is connected to insert DHCP option-82 information at
the edge of your network. You might also want to enable DHCP security features, such as DHCP
snooping, IP source guard, or dynamic Address Resolution Protocol (ARP) inspection, on an
aggregation switch. However, if DHCP snooping is enabled on the aggregation switch, the switch drops
packets with option-82 information that are received on an untrusted port and does not learn DHCP
snooping bindings for connected devices on a trusted interface.
If the edge switch to which a host is connected inserts option-82 information and you want to use DHCP
snooping on an aggregation switch, enter the ip dhcp snooping information option allow-untrusted
command on the aggregation switch. The aggregation switch can learn the bindings for a host even
though the aggregation switch receives DHCP snooping packets on an untrusted port. You can also
enable DHCP security features on the aggregation switch. The port on the edge switch to which the
aggregation switch is connected must be configured as a trusted port.
Note Do not enter the ip dhcp snooping information option allow-untrusted command on an aggregation
switch to which an untrusted device is connected. If you enter this command, an untrusted device might
spoof the option-82 information.
Release Modification
12.2(25)SEA This command was introduced.
To Next Page
Loading...
Need help?
General