hit counter script

Cisco Catalyst 2975 Software Configuration Manual page 520

Ios release 12.2(55)se
Hide thumbs Also See for Catalyst 2975:
Table of Contents

Advertisement

Configuring DHCP Snooping
Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the
DHCP server and the DHCP relay agent are configured and enabled.
Before configuring the DHCP snooping information option on your switch, be sure to configure the
device that is acting as the DHCP server. For example, you must specify the IP addresses that the
DHCP server can assign or exclude, or you must configure DHCP options for these devices.
When configuring a large number of circuit IDs on a switch, consider the impact of lengthy
character strings on the NVRAM or the flash memory. If the circuit-ID configurations, combined
with other data, exceed the capacity of the NVRAM or the flash memory, an error message appears.
Before configuring the DHCP relay agent on your switch, make sure to configure the device that is
acting as the DHCP server. For example, you must specify the IP addresses that the DHCP server
can assign or exclude, configure DHCP options for devices, or set up the DHCP database agent.
If the DHCP relay agent is enabled but DHCP snooping is disabled, the DHCP option-82 data
insertion feature is not supported.
If a switch port is connected to a DHCP server, configure a port as trusted by entering the ip dhcp
snooping trust interface configuration command.
If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip
dhcp snooping trust interface configuration command.
Follow these guidelines when configuring the DHCP snooping binding database:
Do not enter the ip dhcp snooping information option allow-untrusted command on an
aggregation switch to which an untrusted device is connected. If you enter this command, an
untrusted device might spoof the option-82 information.
You can display DHCP snooping statistics by entering the show ip dhcp snooping statistics user
EXEC command, and you can clear the snooping statistics counters by entering the clear ip dhcp
snooping statistics privileged EXEC command.
Note
Catalyst 2975 Switch Software Configuration Guide
20-10
Because both NVRAM and the flash memory have limited storage capacity, we recommend that
you store the binding file on a TFTP server.
For network-based URLs (such as TFTP and FTP), you must create an empty file at the
configured URL before the switch can write bindings to the binding file at that URL. See the
documentation for your TFTP server to determine whether you must first create an empty file
on the server; some TFTP servers cannot be configured this way.
To ensure that the lease time in the database is accurate, we recommend that you enable and
configure NTP. For more information, see the
If NTP is configured, the switch writes binding changes to the binding file only when the switch
system clock is synchronized with NTP.
Do not enable Dynamic Host Configuration Protocol (DHCP) snooping on RSPAN VLANs. If
DHCP snooping is enabled on RSPAN VLANs, DHCP packets might not reach the RSPAN
destination port.
Chapter 20
Configuring DHCP Features and IP Source Guard Features
"Configuring NTP" section on page
7-4.
OL-19720-02

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents