[c-nsp] dhcp snooping clarification
William Jackson
wjackson at sapphire.gi
Wed Jul 4 08:45:31 EDT 2007
Hi
I have a dhcp snooping setup on a 3550 switch.
I have downstream some other access devices that insert option82
information to the DHCP requests.
On my switch I have:
ip dhcp smart-relay
ip dhcp relay information option
ip dhcp relay information policy keep
!
ip dhcp snooping information option allow-untrusted
ip dhcp snooping
and on the vlan interface
interface VlanXXX
ip address X.X.X.X
ip helper-address X.Y.Z.X
ip dhcp relay information trusted
My understanding is that the downstream interface has to be set as
trusted otherwise it will discard any DHCP packets arriving to it with
the option82 already set.
Due to this my command:
s3550 #sh ip dhcp binding
IP address Hardware address Lease expiration Type
s3550#
is empty even though the DHCP requests are successfully relayed through.
Is there a way to allow the relayed option82 packets through but to also
enforce the snooping bindings so that any traffic that hasn't done a
DHCP request ( ie they have set a manual IP ) will be discarded?
cheers
More information about the cisco-nsp
mailing list