Cisco Systems WSC4500X16SFP User Manual
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 31 Configuring DHCP Snooping and IP Source Guard
Configuring DHCP Snooping on the Switch
Enabling DHCP Snooping on Private VLAN
DHCP snooping can be enabled on private VLANs, which provide isolation between Layer 2 ports within the same VLAN. If DHCP snooping is enabled (or disabled), the configuration is propagated to both the primary VLAN and its associated secondary VLANs. You cannot enable (or disable) DHCP snooping on a primary VLAN without reflecting this configuration change on the secondary VLANs.
Configuring DHCP snooping on a secondary VLAN is still allowed, but it will not take effect if the associated primary VLAN is already configured. If the associated primary VLAN is configured, the effective DHCP snooping mode on the secondary VLAN is derived from the corresponding primary VLAN. Manually configuring DHCP snooping on a secondary VLAN will cause the switch to issue this warning message:
DHCP Snooping configuration may not take effect on secondary vlan XXX
The show ip dhcp snooping command will display all VLANs (both primary and secondary) that have DHCP snooping enabled.
Enabling the DHCP Snooping Database Agent
To configure the database agent, perform one or more of the following tasks:
Note
Because both NVRAM and bootflash have limited storage capacity, using TFTP or network-based files is preferable. If you use bootflash to store the database file, new updates to the file (by the agent) result in the creation of new files, causing the flash to fill very quickly. Moreover, when a file is stored in a remote location accessible through TFTP, an RPR standby supervisor engine can take over the binding list when a switchover occurs.
Note
Network-based URLs (such as TFTP and FTP) require that you create an empty file at the configured URL before the switch can write the set of bindings for the first time.
Command: Switch(config)# ip dhcp snooping database { url | write-delay seconds | timeout seconds }
         Switch(config)# no ip dhcp snooping database [write-delay | timeout]
Purpose: (Required) Configures a URL for the database agent (or file) and the related timeout values.

Command: Switch# show ip dhcp snooping database [detail]
Purpose: (Optional) Displays the current operating state of the database agent and statistics associated with the transfers.

Command: Switch# clear ip dhcp snooping database statistics
Purpose: (Optional) Clears the statistics associated with the database agent.

Command: Switch# renew ip dhcp snooping database [validation none] [url]
Purpose: (Optional) Requests the read entries from a file at the given URL.

Command: Switch# ip dhcp snooping binding mac-addr vlan vlan ipaddr interface ifname expiry lease-in-seconds
         Switch# no ip dhcp snooping binding mac-addr vlan vlan ipaddr interface ifname
Purpose: (Optional) Adds/deletes bindings to the snooping database.
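
The following audit script is an added example, not part of the Cisco guide. It applies the private VLAN rule and the storage note above to a running-config text: it computes which VLANs effectively have DHCP snooping, and flags secondary VLANs configured without their primary as well as a database agent on bootflash or NVRAM. The sample config, VLAN IDs and file name are constructed, and the script assumes a secondary VLAN's mode follows its primary whenever a private-vlan association is present.

```python
import re

# Constructed sample running-config (not from the guide); the VLAN IDs and
# the database file name are made up for illustration.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 20,201-202
ip dhcp snooping database bootflash:dhcp-snoop.db
vlan 20
vlan 200
 private-vlan primary
 private-vlan association 201-202
vlan 201
 private-vlan isolated
vlan 202
 private-vlan community
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '20,201-202' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return (VLANs with effective snooping, findings) for a config text."""
    configured, primary_of, findings, current = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            current = int(m.group(1))
        elif m := re.fullmatch(r"ip dhcp snooping vlan ([\d,\- ]+)", line):
            configured |= expand(m.group(1))
        elif m := re.fullmatch(r"private-vlan association ([\d,\- ]+)", line):
            for sec in expand(m.group(1)):
                primary_of[sec] = current
        elif m := re.fullmatch(r"ip dhcp snooping database (\S+)", line):
            if m.group(1).lower().startswith(("bootflash:", "nvram:")):
                findings.append(f"database agent on local storage: {m.group(1)}")
    # Assumption: a secondary VLAN's effective mode comes from its primary.
    effective = {v for v in configured if v not in primary_of}
    for sec, pri in sorted(primary_of.items()):
        if pri in configured:
            effective |= {pri, sec}
        elif sec in configured:
            findings.append(f"vlan {sec}: set on secondary only, primary {pri} is not")
    return effective, findings
```

On the sample, only VLAN 20 ends up with effective snooping; moving the setting to primary VLAN 200 and pointing the agent at a network URL clears all three findings.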