DHCP snooping

Jan 17, 2013 2:54 PM

Gonzo 291 posts since
Oct 10, 2008

Hello,

 

I am using 2 L3 switches which are trunked and have an Ubuntu laptop in one of the ports on switch 1 in DHCP mode. On switch 2 I have DHCP running for VLAN 5 and have put the laptop in VLAN 5 and it gets an IP address. Now I have turned DHCP Snooping on using "IP DHCP snooping" so all ports are untrusted, but the laptop still gets an IP address after a renew.

 

I guess I'm doing this test wrong and shouldn't be using a DHCP on the other switch over a trunk? Not sure how I can get a DHCP server to be blocked if I only have 2 L3 switches and a laptop to test with. Maybe I need an old router with DHCP enabled and just plug it into a port?

 

Thanks

  • Anthony Sequeira, CCIE,VCP 1,011 posts since
    Nov 9, 2008
    1. Jan 17, 2013 4:15 PM (in response to Gonzo)
    Re: DHCP snooping

    Did you remember to enable DHCP snooping for VLAN 5? You need to do this in addition to enabling the feature globally on the switch!

     

    The trunk port between the switches should not be an issue; it is just that to enable the correct deployment of DHCP it will have to be a trusted port.

     

    Anthony Sequeira

    http://www.stormwind.com

    Twitter: @compsolv

    Facebook: http://www.facebook.com/compsolv

  • cadetalain 2,642 posts since
    Sep 18, 2008
    3. Jan 18, 2013 12:34 AM (in response to Gonzo)
    Re: DHCP snooping

    Hi,

     

    "On switch 2 I have DHCP running for VLAN 5 and have put the laptop in VLAN 5"

    What do you mean by that? Your SW2 is a DHCP server? Then of course it is leasing out an IP to your client.

     

    Regards.

     

    Alain

  • cadetalain 2,642 posts since
    Sep 18, 2008
    5. Jan 18, 2013 7:03 AM (in response to Gonzo)
    Re: DHCP snooping

    Hi,

     

    Can you clarify by posting a simple sketch of your topology?

     

    Regards.

     

    Alain

  • cadetalain 2,642 posts since
    Sep 18, 2008
    7. Jan 18, 2013 11:13 AM (in response to Gonzo)
    Re: DHCP snooping

    Hi,

    By default all ports are untrusted and so the trunk should be untrusted and drop DHCP server messages and your client should not receive an IP address from the server unless you configure the trunk as trusted.

    Can you post the output of sh ip dhcp snooping database detail?

    Can you release/renew the IP on the Linux host and see if it is still the same?

     

    Regards.

     

    Alain
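
Added example, not part of the thread and not Cisco's implementation: a simplified Python model of the snooping filter on switch 1, covering the three states discussed in the replies above (global enable only, VLAN 5 enabled with an untrusted trunk, VLAN 5 enabled with a trusted trunk). The port label and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Message types sent by DHCP servers; snooping drops these on untrusted ports.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class SnoopingSwitch:
    """Simplified model of the DHCP snooping filter on one switch."""
    global_enabled: bool = False                      # ip dhcp snooping
    snooped_vlans: set = field(default_factory=set)   # ip dhcp snooping vlan <id>
    trusted_ports: set = field(default_factory=set)   # ip dhcp snooping trust (per interface)

    def inspects(self, vlan: int) -> bool:
        # The global command alone filters nothing; the VLAN must be listed too.
        return self.global_enabled and vlan in self.snooped_vlans

    def forwards(self, msg_type: str, ingress_port: str, vlan: int) -> bool:
        if not self.inspects(vlan):
            return True   # snooping inactive for this VLAN: no filtering
        if msg_type not in SERVER_MESSAGES:
            return True   # client messages pass in this simplified model
        return ingress_port in self.trusted_ports


def client_gets_lease(sw: SnoopingSwitch, uplink: str, vlan: int) -> bool:
    """True if the server's OFFER and ACK arriving on `uplink` both get through."""
    return all(sw.forwards(m, uplink, vlan) for m in ("DHCPOFFER", "DHCPACK"))


TRUNK = "trunk-to-sw2"   # hypothetical label for switch 1's trunk toward switch 2
VLAN = 5


def scenarios() -> dict:
    return {
        "global only": client_gets_lease(SnoopingSwitch(True), TRUNK, VLAN),
        "global + vlan 5, trunk untrusted":
            client_gets_lease(SnoopingSwitch(True, {VLAN}), TRUNK, VLAN),
        "global + vlan 5, trunk trusted":
            client_gets_lease(SnoopingSwitch(True, {VLAN}, {TRUNK}), TRUNK, VLAN),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:35s} lease delivered: {ok}")
```
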
