user manual
25-8
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 25  Configuring DHCP
Information About Configuring DHCP
DHCP Snooping Configuration Guidelines
  • You must globally enable DHCP snooping on the switch.
  • DHCP snooping is not active until DHCP snooping is enabled on a VLAN.
  • Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the 
DHCP server and the DHCP relay agent are configured and enabled.
  • Before configuring the DHCP snooping information option on your switch, be sure to configure the 
device that is acting as the DHCP server. For example, you must specify the IP addresses that the 
DHCP server can assign or exclude, or you must configure DHCP options for these devices.
  • When configuring a large number of circuit IDs on a switch, consider the impact of lengthy character 
serstrings on the NVRAM or the flash memory. If the circuit-ID configurations, combined with 
other data, exceed the capacity of the NVRAM or the flash memory, an error message appears.
  • Before configuring the DHCP relay agent on your switch, make sure to configure the device that is 
acting as the DHCP server. For example, you must specify the IP addresses that the DHCP server 
can assign or exclude, configure DHCP options for devices, or set up the DHCP database agent. 
  • If the DHCP relay agent is enabled but DHCP snooping is disabled, the DHCP option-82 data 
insertion feature is not supported. 
  • If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp 
snooping trust interface configuration command.
  • If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip 
dhcp snooping trust interface configuration command.
  • Do not enter the ip dhcp snooping information option allow-untrusted command on an 
aggregation switch to which an untrusted device is connected. If you enter this command, an 
untrusted device might spoof the option-82 information.
DHCP snooping enabled globally Disabled
DHCP snooping information option Enabled
DHCP snooping option to accept packets on 
untrusted input interfaces
3
Disabled
DHCP snooping limit rate None configured
DHCP snooping trust Untrusted
DHCP snooping VLAN Disabled
DHCP snooping MAC address verification Enabled
Cisco IOS DHCP server binding database Enabled in Cisco IOS software, requires configuration.
Note The switch gets network addresses and configuration parameters 
only from a device configured as a DHCP server.
DHCP snooping binding database agent Enabled in Cisco IOS software, requires configuration. This feature is 
operational only when a destination is configured.
1. The switch responds to DHCP requests only if it is configured as a DHCP server.
2. The switch relays DHCP packets only if the IP address of the DHCP server is configured on the SVI of the DHCP client.
3. Use this feature when the switch is an aggregation switch that receives packets with option-82 information from an edge switch. 
Table 25-1 Default DHCP Snooping Settings (continued)
Feature Default Setting










