Users Guide

Restrictions for DHCP Snooping

• DHCP Snooping is supported only for port extender interfaces connected to the VLT peers.

• DHCP server must be connected to the VLT peers only using VLT Port-channel.

• DHCP Snooping is supported only FOR SPANNED VLANs.

• Source address validation is not supported for VPLAG interfaces on VLT.

• Port Extender does not support DHCP server.

Prerequisites for DHCP Snooping

• DHCP Snooping should be enabled globally on both VLT peers.

• The same Remote ID string and Remote ID host name should be configured on both VLT peers.

• To enable DHCP Secondary subnet feature in VLT, ensure that the secondary IP address subnet is the

same in both VLT peers.

• Apply similar dynamic ARP inspection and source address validation configurations on both VLT peers.

• If you want to use the clear ip dhcp snooping binding command, use it individually on VLT

nodes.

• In a dual-homed setup, you cannot configure DHCP snooping using batch mode. You can configure

DHCP snooping separately on each VLT peer.

• In the event of snooping VLAN operation down or interface delete, the removal of snooping binding

entries is not synchronized to the VLT peer .

Enabling DHCP Snooping

To enable DHCP snooping, use the following commands.

1 Enable DHCP snooping globally.

CONFIGURATION mode

ip dhcp snooping

2 Specify ports connected to DHCP servers as trusted.

INTERFACE mode

ip dhcp snooping trust

3 Enable DHCP snooping on a VLAN.

CONFIGURATION mode

ip dhcp snooping vlan name

Adding a Static Entry in the Binding Table

To add a static entry in the binding table, use the following command.

• Add a static entry in the binding table.

EXEC mode

EXEC Privilege mode

ip dhcp snooping binding mac

Dynamic Host Configuration Protocol (DHCP) 405