Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > Discussions

_Communities

3939 Views 4 Replies Latest reply: Dec 26, 2009 7:27 AM by Andrea D'Orsi RSS

Currently Being Moderated

DHCP Snooping

Jun 1, 2009 2:36 PM

Nicolas MICHEL 164 posts since
Jul 3, 2008

Hey there

 

After some CAM table issue here is another one for you guys

 

 

I have configured 2 cisco routers that act as DHCP Server. They work well , I'm leasing some IP with that stuff . Now for my lab , I'm using one router as DHCP ROGUE and another one as DHCP Server

 

they are both in the same subnet and I wanted to try the DHCP Snooping feature offered by my Cisco 3550

Here is the config of the switch :

 

ip dhcp snooping vlan 1
ip dhcp snooping

 

interface FastEthernet0/1
description ***PC THAT NEED IP ADDRESS***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0000.0000.0001
spanning-tree portfast
spanning-tree bpdufilter enable

 

interface FastEthernet0/47
description ***DHCP-ROGUE***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky blablabalb
spanning-tree portfast
spanning-tree bpdufilter enable
!
interface FastEthernet0/48
description ***DHCP-SERVER***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky blblabalba
spanning-tree portfast
spanning-tree bpdufilter enable
ip dhcp snooping trust
!

 

Switch#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:

 

Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

 

Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
FastEthernet0/48             yes         unlimited

 

I don't get why the fa0/1 computer cant get an IP address ....

 

 

Thanks if you can enlight me

  • Andrea D'Orsi 2 posts since
    Sep 10, 2009
    Currently Being Moderated
    3. Dec 25, 2009 7:45 AM (in response to Nicolas MICHEL)
    Re: DHCP Snooping

    Hi Nicolas,

     

    thank you for this post. I lost some days trying to understand why this happens... I have a 3550 with EMI ios and I tried the DHCP snooping, but doesn'work... The problem was the same: the client can't get ip addres when dhcp snooping is working.

    I will try your solution ASAP.

    Best regards and... Merry Christmas!

     

    Andrea

  • Andrea D'Orsi 2 posts since
    Sep 10, 2009
    Currently Being Moderated
    4. Dec 26, 2009 7:27 AM (in response to Andrea D'Orsi)
    Re: DHCP Snooping

    You have reason... GREAT! IT WORKS!

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)