18-10
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter18 Configuring DHCP Features and IP Source Guard
Configuring DHCP Features
Enabling DHCP Snooping and Option 82
Beginning in privileged EXEC mode, follow these steps to enable DHCP snooping on th e swi tch :
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 ip dhcp snooping Enable DHCP snooping globally.
Step3 ip dhcp snooping vlan vlan-range Enable DHCP snooping on a VLAN or range of VLANs. The range is 1
to 4094.
You can enter a single VLAN ID i denti fie d b y VLAN I D number, a series
of VLAN IDs separated by commas, a range of VLAN IDs separated by
hyphens, or a range of VLAN IDs separated by entering the starting and
ending VLAN IDs separated by a space.
Step4 ip dhcp snooping information option Enable the switch to insert and remove DHCP relay information
(option-82 field) in forwarded DHCP request messages to the DHCP
server.
The default is enabled.
Step5 ip dhcp snooping information option
allowed-untrusted (Optional) If the switch is an aggregation switch connected to an edge
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
The default is disabled.
Note You must enter this command only on aggregation switches that
are connected to trusted devices.
Step6 interface interface-id Specify the interface to be configured, and enter interface configuration
mode.
Step7 no shutdown Enable the port, if necessary. By default, UNIs are disabl ed and NNIs are
enabled.
Step8 ip dhcp snooping trust (Optional) Configure the interface as trusted or untrusted. You can use the
no keyword to configure an interface to receive messages from an
untrusted client. The default is untrusted.
Step9 ip dhcp snooping limit rate rate (Optional) Configure the number of DHCP packets per second that an
interface can receive. The range is 1 to 2048. By default, no rate limit is
configured.
Note We recommend an untrusted rate limit of not more than 100
packets per second. If you configure rate limiting for trusted
interfaces, you might need to increase the rate limit if the port is
a trunk port assigned to more than one VLAN on which DHCP
snooping is enabled.
Step10 exit Return to global configuration mode.
Step11 ip dhcp snooping verify mac-address (Optional) Configure the switch to verify that the source MAC address in
a DHCP packet that is received on untrusted ports matches the client
hardware address in the packet. The default is to verify that the source
MAC address matches the client hardware address in the packet.
Step12 end Return to privileged EXEC mode.