Cisco Systems 3130 User Manual
21-13
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 21 Configuring DHCP Features and IP Source Guard
Configuring DHCP Features
To disable DHCP snooping, use the no ip dhcp snooping global configuration command. To disable
DHCP snooping on a VLAN or range of VLANs, use the no ip dhcp snooping vlan vlan-range global
configuration command. To disable the insertion and removal of the option-82 field, use the no ip dhcp
snooping information option global configuration command. To configure an aggregation switch to
drop incoming DHCP snooping packets with option-82 information from an edge switch, use the no ip
dhcp snooping information option allow-untrusted global configuration command.
DHCP snooping on a VLAN or range of VLANs, use the no ip dhcp snooping vlan vlan-range global
configuration command. To disable the insertion and removal of the option-82 field, use the no ip dhcp
snooping information option global configuration command. To configure an aggregation switch to
drop incoming DHCP snooping packets with option-82 information from an edge switch, use the no ip
dhcp snooping information option allow-untrusted global configuration command.
This example shows how to enable DHCP snooping globally and on VLAN 10 and to configure a rate
limit of 100 packets per second on a port:
limit of 100 packets per second on a port:
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10
Switch(config)# ip dhcp snooping information option
Step 6
ip dhcp snooping information option
allow-untrusted
allow-untrusted
(Optional) If the switch is an aggregation switch connected to an edge
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
The default setting is disabled.
Note
Enter this command only on aggregation switches that are
connected to trusted devices.
connected to trusted devices.
Step 7
interface interface-id
Specify the interface to be configured, and enter interface configuration
mode.
mode.
Step 8
ip dhcp snooping vlan vlan information
option format-type circuit-id string
ASCII-string
option format-type circuit-id string
ASCII-string
(Optional) Configure the circuit-ID suboption for the specified interface.
Specify the VLAN and port identifier, using a VLAN ID in the range of 1
to 4094. The default circuit ID is the port identifier, in the format
vlan-mod-port.
to 4094. The default circuit ID is the port identifier, in the format
vlan-mod-port.
You can configure the circuit ID to be a string of 3 to 63 ASCII characters
(no spaces).
(no spaces).
Step 9
ip dhcp snooping trust
(Optional) Configure the interface as trusted or untrusted. You can use the
no keyword to configure an interface to receive messages from an
untrusted client. The default setting is untrusted.
no keyword to configure an interface to receive messages from an
untrusted client. The default setting is untrusted.
Step 10
ip dhcp snooping limit rate rate
(Optional) Configure the number of DHCP packets per second that an
interface can receive. The range is 1 to 2048. By default, no rate limit is
configured.
interface can receive. The range is 1 to 2048. By default, no rate limit is
configured.
Note
We recommend an untrusted rate limit of not more than 100
packets per second. If you configure rate limiting for trusted
interfaces, you might need to increase the rate limit if the port is
a trunk port assigned to more than one VLAN on which DHCP
snooping is enabled.
packets per second. If you configure rate limiting for trusted
interfaces, you might need to increase the rate limit if the port is
a trunk port assigned to more than one VLAN on which DHCP
snooping is enabled.
Step 11
exit
Return to global configuration mode.
Step 12
ip dhcp snooping verify mac-address
(Optional) Configure the switch to verify that the source MAC address in
a DHCP packet that is received on untrusted ports matches the client
hardware address in the packet. The default is to verify that the source
MAC address matches the client hardware address in the packet.
a DHCP packet that is received on untrusted ports matches the client
hardware address in the packet. The default is to verify that the source
MAC address matches the client hardware address in the packet.
Step 13
end
Return to privileged EXEC mode.
Step 14
show running-config
Verify your entries.
Step 15
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose