Cisco Systems 3560 사용자 설명서
21-12
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 21 Configuring DHCP Features and IP Source Guard
Configuring DHCP Snooping
Enabling DHCP Snooping and Option 82
Beginning in privileged EXEC mode, follow these steps to enable DHCP snooping on the switch:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
ip dhcp snooping
Enable DHCP snooping globally.
Step 3
ip dhcp snooping vlan vlan-range
Enable DHCP snooping on a VLAN or range of VLANs. The range is 1
to 4094.
to 4094.
You can enter a single VLAN ID identified by VLAN ID number, a series
of VLAN IDs separated by commas, a range of VLAN IDs separated by
hyphens, or a range of VLAN IDs separated by entering the starting and
ending VLAN IDs separated by a space.
of VLAN IDs separated by commas, a range of VLAN IDs separated by
hyphens, or a range of VLAN IDs separated by entering the starting and
ending VLAN IDs separated by a space.
Step 4
ip dhcp snooping information option
Enable the switch to insert and remove DHCP relay information
(option-82 field) in forwarded DHCP request messages to the DHCP
server. This is the default setting.
(option-82 field) in forwarded DHCP request messages to the DHCP
server. This is the default setting.
Step 5
ip dhcp snooping information option
format remote-id [string ASCII-string |
hostname]
format remote-id [string ASCII-string |
hostname]
(Optional) Configure the remote-ID suboption.
You can configure the remote ID to be:
•
String of up to 63 ASCII characters (no spaces)
•
Configured hostname for the switch
Note
If the hostname is longer than 63 characters, it is truncated to 63
characters in the remote-ID configuration.
characters in the remote-ID configuration.
The default remote ID is the switch MAC address.
Step 6
ip dhcp snooping information option
allow-untrusted
allow-untrusted
(Optional) If the switch is an aggregation switch connected to an edge
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
switch, enable the switch to accept incoming DHCP snooping packets
with option-82 information from the edge switch.
The default setting is disabled.
Note
Enter this command only on aggregation switches that are
connected to trusted devices.
connected to trusted devices.
Step 7
interface interface-id
Specify the interface to be configured, and enter interface configuration
mode.
mode.
Step 8
ip dhcp snooping vlan vlan information
option format-type circuit-id string
ASCII-string
option format-type circuit-id string
ASCII-string
(Optional) Configure the circuit-ID suboption for the specified interface.
Specify the VLAN and port identifier, using a VLAN ID in the range of 1
to 4094. The default circuit ID is the port identifier, in the format
vlan-mod-port.
to 4094. The default circuit ID is the port identifier, in the format
vlan-mod-port.
You can configure the circuit ID to be a string of 3 to 63 ASCII characters
(no spaces).
(no spaces).
Step 9
ip dhcp snooping trust
(Optional) Configure the interface as trusted or untrusted. You can use
the no keyword to configure an interface to receive messages from an
untrusted client. The default setting is untrusted.
the no keyword to configure an interface to receive messages from an
untrusted client. The default setting is untrusted.