19-9
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 19 Configuring DHCP Features and IP Source Guard Configuring DHCP Features
When you globally enable DHCP snooping on the switch, these Cisco IOS commands are not
available until snooping is disabled. If you enter these commands, the switch returns an error
message, and the configuration is not applied.
ip dhcp relay information check global configuration command
ip dhcp relay information policy global configuration command
ip dhcp relay information trust-all global configuration command
ip dhcp relay information trusted interface configuration command
Before configuring the DHCP snooping information option on your switch, be sure to configure the
device that is acting as the DHCP server. For example, you must specify the IP addresses that the
DHCP server can assign or exclude, or you must configure DHCP options for these devices.
When configuring a large number of circuit IDs on a switch, consider the impact of lengthy character
strings on the NVRAM or the flash memory. If the circuit-ID configurations, combined with other
data, exceed the capacity of the NVRAM or the flash memory, an error message appears.
Before configuring the DHCP relay agent on your switch, make sure to configure the device that is
acting as the DHCP server. For example, you must specify the IP addresses that the DHCP server
can assign or exclude, configure DHCP options for devices, or set up the DHCP database agent.
If the DHCP relay agent is enabled but DHCP snooping is disabled, the DHCP option-82 data
insertion feature is not supported.
If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp
snooping trust interface configuration command.
If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip
dhcp snooping trust interface configuration command.
Follow these guidelines when configuring the DHCP snooping binding database:
Because both NVRAM and the flash memory have limited storage capacity, we recommend that
you store the binding file on a TFTP server.
For network-based URLs (such as TFTP and FTP), you must create an empty file at the
configured URL before the switch can write bindings to the binding file at that URL. See the
documentation for your TFTP server to determine whether you must first create an empty file
on the server; some TFTP servers cannot be configured this way.
To ensure that the lease time in the database is accurate, we recommend that NTP is enabled and
configured. For more information, see the “Configuring NTP” section on page 5-4.
If NTP is configured, the switch writes binding changes to the binding file only when the switch
system clock is synchronized with NTP.
Do not enter the ip dhcp snooping information option allowed-untrusted command on an
aggregation switch to which an untrusted device is connected. If you enter this command, an
untrusted device might spoof the option-82 information.
You can display DHCP snooping statistics by entering the show ip dhcp snooping statistics user
EXEC command, and you can clear the snooping statistics counters by entering the clear ip dhcp
snooping statistics privileged EXEC command.
Note Do not enable Dynamic Host Configuration Protocol (DHCP) snooping on RSPAN VLANs. If DHCP
snooping is enabled on RSPAN VLANs, DHCP packets might not reach the RSPAN destination port.