20-7
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter20 Configuring DHCP Feat ures Configuring DHCP Features
Enabling DHCP Snooping and Option 82
Beginning in privileged EXEC mode, follow these steps to enable DHCP snooping on th e swi tch .
To disable DHCP snooping, use the no ip dhcp snooping global configuration command. To disable
DHCP snooping on a VLAN or range of VLANs, use the no ip dhcp snooping vlan vlan-id global
configuration command. To disable the insertion and removal of the option-82 field, use the no ip dhcp
snooping information option global configuration command.
This example shows how to enable DHCP snooping globally and on VLAN 10 and to configure a rate
limit of 100 packets per second on Fast Ethernet port 0/1:
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10
Switch(config)# ip dhcp snooping information option
Switch(config)# interface fastethernet0/1
Switch(config-if)# ip dhcp snooping limit rate 100
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 ip dhcp snooping Enable DHCP snooping globally.
Step3 ip dhcp snooping vlan vlan-range Enable DHCP snooping on a VLAN or range of VLANs. The range is 1
to 4094.
You can enter a single VLAN ID identified b y VLAN ID number , a seri es
of VLAN IDs separated by commas, a range of VLAN IDs separated by
hyphens, or a range of VLAN IDs separated by entering the starting and
ending VLAN IDs separated by a space.
Step4 ip dhcp snooping information option Enable the switch to insert and remove DHCP relay information
(option-82 field) in forwarded DHCP request messages to the DHCP
server.
The default is enabled.
Step5 interface interface-id Enter interface configuration mode, and specify the interface to be
configured.
Step6 ip dhcp snooping trust (Optional) Configure the interface as trusted or untrusted. You can use the
no keyword to configure an interface to receive messages from an
untrusted client. The default is untrusted.
Step7 ip dhcp snooping limit rate rate (Optional) Configure the number of DHCP packets per second than an
interface can receive. The range is 1 to 4294967294. The default is no rate
limit configured.
Note We recommend an untrusted rate limit of not more than 100
packets per second. If you configure rate limiting for trusted
interfaces, you might need to increase the rate limit if the port is
a trunk port assigned to more than one VLAN on which DHCP
snooping is enabled.
Step8 end Return to privileged EXEC mode.
Step9 show running-config Verify your entries.
Step10 copy running-config startup-config (Optional) Save your entries in the configuration file.