Installation guide
General Security Measures
3-119
3
• In some cases, the switch may receive DHCP packets from a client that already
includes DHCP Option 82 information. The switch can be configured to set the
action policy for these packets. The switch can either drop the DHCP packets, keep
the existing information, or replace it with the switch’s relay information.
Command Attributes
• DHCP Snooping Information Option Status – Enables or disables DHCP Option
82 information relay. (Default: Disabled)
• DHCP Snooping Information Option Policy – Specifies how to handle DHCP
client request packets which already contain Option 82 information.
- Drop – Drops the client’s request packet instead of relaying it.
- Keep – Retains the Option 82 information in the client request, and forwards the
packets to trusted ports.
- Replace – Replaces the Option 82 information in the client’s request with
information about the relay agent itself, inserts the relay agent’s address (when
DHCP snooping is enabled), and forwards the packets to trusted ports. (This is
the default policy.)
Web – Click DHCP Snooping, Information Option Configuration. Enable Option 82,
and set the policy for handling request packets, then click Apply.
Figure 3-71 DHCP Snooping Information Option Configuration
CLI – This example enables DHCP Snooping Information Option, and sets the policy
as replace
.
Console(config)#ip dhcp snooping information option 4-163
Console(config)#ip dhcp snooping information policy replace 4-164
Console(config)#exit
Console#show ip dhcp snooping 4-165
Global DHCP Snooping status: disable
DHCP Snooping Information Option Status: disable
DHCP Snooping Information Policy: replace
DHCP Snooping is configured on the following VLANs:
Verify Source Mac-Address: enable
Interface Trusted
---------- ----------
Eth 1/1 No
Eth 1/2 No
Eth 1/3 No
.
.
.