Installation guide
Configuring the Switch
3-118
3
• When DHCP snooping is globally enabled, and DHCP snooping is then disabled
on a VLAN, all dynamic bindings learned for this VLAN are removed from the
binding table.
Command Attributes
• VLAN ID – ID of a configured VLAN. (Range: 1-4094)
• DHCP Snooping Status – Enables or disables DHCP snooping for the selected
VLAN.
Web – Click DHCP Snooping, VLAN Configuration.
Figure 3-70 DHCP Snooping VLAN Configuration
CLI – This example first enables DHCP Snooping for VLAN 1.
Configuring the DHCP Snooping Information Option
DHCP provides a relay mechanism for sending information about the switch and its
DHCP clients to the DHCP server. Known as DHCP Option 82, it allows compatible
DHCP servers to use the information when assigning IP addresses, or to set other
services or policies for clients. It is also an effective tool in preventing malicious
network attacks from attached clients on DHCP services, such as IP Spoofing, Client
Identifier Spoofing, MAC Address Spoofing, and Address Exhaustion.
Command Usage
• DHCP Snooping (see page 3-117) must be enabled for Option 82 information to be
inserted into request packets.
• When Option 82 is enabled, the requesting client (or an intermediate relay agent
that has used the information fields to describe itself) can be identified in the DHCP
request packets forwarded by the switch and in reply packets sent back from the
DHCP server.
• When the DHCP Snooping Information Option is enabled, clients can be identified
by the switch port to which they are connected rather than just their MAC address.
DHCP client-server exchange messages are then forwarded directly between the
server and client without having to flood them to the entire VLAN.
• If Option 82 is enabled on the switch, information about the switch itself may be
included in any relayed request packet.
Console(config)#ip dhcp snooping vlan 1 4-160
Console(config)#