18-8
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter18 Configuring DHCP Features and IP Source Guard
Configuring DHCP Features
Before configuring the DHCP snooping information option on your switch, be sure to configu re the
device that is acting as the DHCP server. For example, you must specify the IP addresses that the
DHCP server can assign or exclude, or you must configure DHCP options for the se d evices.
Before configuring the DHCP relay agent on your switch, make sure to configure the device that is
acting as the DHCP server. For example, you must specify the I P a ddres ses that the DHCP server
can assign or exclude, configure DHCP options for devices, or set up the DHCP database agent.
If the DHCP relay agent is enabled but DHCP snooping is disabled, the DHCP option-82 data
insertion feature is not supported.
If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp
snooping trust interface configuration command.
If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip
dhcp snooping trust interface configuration command.
IFollow these guidelines when configuring the DHCP snooping binding database:
Because both NVRAM and the flash memory have limited storage capacity, we recommend that
you store the binding file on a TFTP server.
You must create an empty file at the configured URL on network-based URLs (such as TFTP
and FTP) before the switch can initially write bindings to the binding file at that URL for the
first time.
To ensure that the lease time in the database is accurate, we recomm end that NTP is enab led and
configured. For more information, see the “Configuring NTP” section on page 5-4.
If NTP is configured, the switch writes binding changes to the binding file only when the switch
system clock is synchronized with NTP.
Do not enter the ip dhcp snooping information option allowed-untrusted command on an
aggregation switch to which an untrusted device is connected. If yo u en ter thi s co mma nd , an
untrusted device might spoof the option-82 information.
Configuring the DHCP Relay Agent
Beginning in privileged EXEC mode, follow these steps to enable the DHCP relay agent on the switch:
To disable the DHCP relay agent, use the no service dhcp global configuration command.
See the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP
Configuration Guide, Release12.2 for these procedure s:
Checking (validating) the relay agent information
Configuring the relay agent forwarding policy
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 service dhcp Enable the DHCP relay agent on your switch. By default, this feature is
enabled.
Step3 end Return to privileged EXEC mode.
Step4 show running-config Verify your entries.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.