EasyManuals Logo

Cisco WS-C6506 User Manual

Cisco WS-C6506
1488 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #878 background imageLoading...
Page #878 background image
33-4
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 33 Configuring DHCP Snooping and IP Source Guard
Configuring DHCP Snooping on a VLAN
These sections describe how to configure DHCP snooping:
Default Configuration for DHCP Snooping, page 33-4
Enabling DHCP Snooping, page 33-4
Enabling DHCP Snooping on a Private VLAN, page 33-5
Enabling the DHCP-Snooping Host-Tracking Information Option, page 33-5
Enabling the DHCP Snooping MAC-Address Matching Option, page 33-6
Configuration Examples for DHCP Snooping, page 33-7
Default Configuration for DHCP Snooping
DHCP snooping is disabled by default. Table 33-1 shows the default configuration values for each
DHCP-snooping option. If you want to change the default configuration values, see the “Enabling DHCP
Snooping” section on page 33-4.
Enabling DHCP Snooping
DHCP snooping is enabled on the VLANs through the security VLAN access control lists (VACLs).
DHCP snooping is enabled on a VLAN by adding a DHCP-snooping access control entry (ACE) to a
new or existing security ACL. You must determine where to position DHCP snooping in the ACL
depending on your policy for the DHCP packets. For example, if you want to deny the DHCP packets
that come from a certain host and perform DHCP snooping for the other DHCP packets, then you must
place a deny ACE before the DHCP-snooping ACE.
To enable DHCP snooping on a VLAN, perform this task in privileged mode:
Table 33-1 Default Configuration Values for DHCP Snooping
Option Default Value/State
DHCP-snooping host tracking
information option
Disabled.
DHCP-snooping limit rate 1000 pps shared with ARP inspection and 802.1X-DHCP.
Rate limiting is supported on PFC2 and later versions.
DHCP-snooping trust on a port Untrusted.
DHCP snooping on a VLAN Disabled.
DHCP-snooping bindings-database
auto-save option
Disabled.
DHCP-snooping bindings-database
storage device and filename
bootflash:dhcp-snooping-bindings-database
Task Command
Step 1
Add DHCP snooping to the VACL. set security acl ip acl_name permit dhcp-snooping
Step 2
Configure the VACL to allow DHCP
snooping from all hosts.
set security acl ip acl_name permit ip any any

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco WS-C6506 and is the answer not in the manual?

Cisco WS-C6506 Specifications

General IconGeneral
BrandCisco
ModelWS-C6506
CategorySwitch
LanguageEnglish

Related product manuals