user manual
25-3
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 25 Configuring DHCP
Information About Configuring DHCP
If the switch is an aggregation switch supporting DHCP snooping and is connected to an edge switch 
that is inserting DHCP option-82 information, the switch drops packets with option-82 information when 
packets are received on an untrusted interface. If DHCP snooping is enabled and packets are received on 
a trusted port, the aggregation switch does not learn the DHCP snooping bindings for connected devices 
and cannot build a complete DHCP snooping binding database.
When an aggregation switch can be connected to an edge switch through an untrusted interface and you 
enter the ip dhcp snooping information option allow-untrusted global configuration command, the 
aggregation switch accepts packets with option-82 information from the edge switch. The aggregation 
switch learns the bindings for hosts connected through an untrusted switch interface. The DHCP security 
features, such as dynamic ARP inspection or IP source guard, can still be enabled on the aggregation 
switch while the switch receives packets with option-82 information on untrusted input interfaces to 
which hosts are connected. The port on the edge switch that connects to the aggregation switch must be 
configured as a trusted interface.
Option-82 Data Insertion
In residential, metropolitan Ethernet-access environments, DHCP can centrally manage the IP address 
assignments for a large number of subscribers. When the DHCP option-82 feature is enabled on the 
switch, a subscriber device is identified by the switch port through which it connects to the network (in 
addition to its MAC address). Multiple hosts on the subscriber LAN can be connected to the same port 
on the access switch and are uniquely identified.
Note The DHCP option-82 feature is supported only when DHCP snooping is globally enabled and on the 
VLANs to which subscriber devices using this feature are assigned. 
Figure 25-1 is an example of a metropolitan Ethernet network in which a centralized DHCP server 
assigns IP addresses to subscribers connected to the switch at the access layer. Because the DHCP clients 
and their associated DHCP server do not reside on the same IP network or subnet, a DHCP relay agent 
(the Catalyst switch) is configured with a helper address to enable broadcast forwarding and to transfer 
DHCP messages between the clients and the server.
Figure 25-1 DHCP Relay Agent in a Metropolitan Ethernet Network
Subscribers
Catalyst switch
(DHCP relay agent)
Host A
(DHCP client)
Access layer
DHCP
server
Host B
(DHCP client)
98813
VLAN 10










