Cisco Cisco Gigabit Ethernet Switch Module (CGESM) for HP Technical References
2-108
Cisco Gigabit Ethernet Switch Module for the HP p-Class BladeSystem Command Reference Guide
380265-002
Chapter 2 CGESM Switch Cisco IOS Commands
ip dhcp snooping information option allow-untrusted
ip dhcp snooping information option allow-untrusted
Use the ip dhcp snooping information option allow-untrusted global configuration command on an
aggregation switch to configure it to accept DHCP packets with option-82 information that are received
on untrusted ports that might be connected to an edge switch. Use the no form of this command to return
to the default setting.
aggregation switch to configure it to accept DHCP packets with option-82 information that are received
on untrusted ports that might be connected to an edge switch. Use the no form of this command to return
to the default setting.
ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option allow-untrusted
Syntax Description
This command has no arguments or keywords.
Defaults
The switch drops DHCP packets with option-82 information that are received on untrusted ports that
might be connected to an edge switch.
might be connected to an edge switch.
Command Modes
Global configuration
Command History
Usage Guidelines
You might want an edge switch to which a host is connected to insert DHCP option-82 information at
the edge of your network. You might also want to enable DHCP security features, such as DHCP
snooping, on an aggregation switch. However, if DHCP snooping is enabled on the aggregation switch,
the switch drops packets with option-82 information that are received on an untrusted port and does not
learn DHCP snooping bindings for connected devices on a trusted interface.
the edge of your network. You might also want to enable DHCP security features, such as DHCP
snooping, on an aggregation switch. However, if DHCP snooping is enabled on the aggregation switch,
the switch drops packets with option-82 information that are received on an untrusted port and does not
learn DHCP snooping bindings for connected devices on a trusted interface.
If the edge switch to which a host is connected inserts option-82 information and you want to use DHCP
snooping on an aggregation switch, enter the ip dhcp snooping information option allow-untrusted
command on the aggregation switch. The aggregation switch can learn the bindings for a host even
though the aggregation switch receives DHCP snooping packets on an untrusted port. You can also
enable DHCP security features on the aggregation switch. The port on the edge switch to which the
aggregation switch is connected must be configured as a trusted port.
snooping on an aggregation switch, enter the ip dhcp snooping information option allow-untrusted
command on the aggregation switch. The aggregation switch can learn the bindings for a host even
though the aggregation switch receives DHCP snooping packets on an untrusted port. You can also
enable DHCP security features on the aggregation switch. The port on the edge switch to which the
aggregation switch is connected must be configured as a trusted port.
Note
Do not enter the ip dhcp snooping information option allow-untrusted command on an aggregation
switch to which an untrusted device is connected. If you enter this command, an untrusted device might
spoof the option-82 information.
switch to which an untrusted device is connected. If you enter this command, an untrusted device might
spoof the option-82 information.
Examples
This example shows how to configure an access switch to not check the option-82 information in
untrusted packets from an edge switch and to accept the packets:
untrusted packets from an edge switch and to accept the packets:
Switch(config)# ip dhcp snooping information option allow-untrusted
You can verify your settings by entering the show ip dhcp snooping privileged EXEC command.