19-6
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 19 Configuring DHCP Features
Configuring DHCP Features
DHCP Snooping Configuration Guidelines
These are the configuration guidelines for DHCP snooping.
You must globally enable DHCP snooping on the switch.
DHCP snooping is not active until DHCP snooping is enabled on a VLAN.
Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the
DHCP server and the DHCP relay agent are configured and enabled.
Before configuring the DHCP snooping information option on your switch, be sure to configure the
device that is acting as the DHCP server. For example, you must specify the IP addresses that the
DHCP server can assign or exclude, or you must configure DHCP options for these devices.
If the DHCP relay agent is enabled but DHCP snooping is disabled, the DHCP option-82 data
insertion feature is not supported.
If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp
snooping trust interface configuration command.
If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip
dhcp snooping trust interface configuration command.
Do not enter the ip dhcp snooping information option allow-untrusted command on an
aggregation switch to which an untrusted device is connected. If you enter this command, an
untrusted device might spoof the option-82 information
Tab l e 19-1 Default DHCP Configuration
Feature Default Setting
DHCP server Enabled in Cisco IOS software, requires
configuration1
1. The switch responds to DHCP requests only if it is configured as a DHCP server.
DHCP relay agent Enabled2
2. The switch relays DHCP packets only if the IP address of the DHCP server is configured on the SVI of the DHCP client.
DHCP packet forwarding address None configured
Checking the relay agent information Enabled (invalid messages are dropped)2
DHCP relay agent forwarding policy Replace the existing relay agent information2
DHCP snooping enabled globally Disabled
DHCP snooping information option Enabled
DHCP snooping option to accept packets on
untrusted ingress interfaces3
3. Use this feature when the switch is an aggregation switch that receives packets with option-82 information from an edge
switch.
Disabled
DHCP snooping limit rate None configured
DHCP snooping trust Untrusted
DHCP snooping VLAN Disabled
DHCP snooping MAC address verification Enabled