Leaflet

OL-11615-01
Step 6 Optionally, enable the MAC-Address Matching option (in case it has been disabled). Use the set
dhcp-snooping match-mac enable command:
Console> (enable) set dhcp-snooping match-mac enable
Step 7 Optionally, enable DHCP snooping host-tracking information Option-82 feature when the DHCP clients
and servers do not reside in the same subnet or network, and the switch seats between them. By enabling
host-tracking information Option-82, every time the switch receives a DHCP request, it adds the
Option-82 information in the packet. The Option-82 information contains the switch MAC address (the
remote ID suboption) and the port identifier, vlan-mod-port, from which the packet is received (the
circuit ID suboption). Use the set dhcp-snooping information host-tracking enable command to
enable the host-tracking option:
Console> (enable) set dhcp-snooping information host-tracking enable
Step 8 Optionally, adjust the rate limit value for DHCP snooping using the set security acl feature ratelimit
command:
Console> (enable) set security acl feature ratelimit rate
Note 802.1X-DHCP and DHCP snooping are mutually exclusive. You should not configure a VLAN for both
802.1X-DHCP and DHCP snooping.
This example shows how to enable DHCP snooping for VLAN 10 with a DHCP server on port 1/2:
Console> (enable) set security acl ip dhcpsnoop permit dhcp-snooping
Successfully configured DHCP Snooping for ACL dhcpsnoop. Use the 'commit' command to save changes.
Console> (enable) set security acl ip dhcpsnoop permit ip any any
dhcpsnoop editbuffer modified. Use the 'commit' command to apply changes.
Console> (enable) commit security acl dhcpsnoop
ACL commit in progress.
ACL 'dhcpsnoop' successfully committed.
Console> (enable) set security acl map dhcpsnoop 10
Mapping in progress.
ACL dhcpsnoop successfully mapped to VLAN 10.
Console> (enable) set port dhcp-snooping 1/2 trust enable
Port(s) 1/2 state set to trusted for DHCP Snooping.
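The Option-82 data described in Step 7 lets a DHCP server or log pipeline tie a lease back to the switch and port the request entered on. The following is an added example, not part of the Cisco guide: a parser for the Option-82 payload using the RFC 3046 suboption codes. The inner byte layout (type 0, length, then VLAN/module/port or a 6-byte MAC) and the sample bytes are assumptions constructed for illustration.

```python
import struct

# RFC 3046 sub-option codes carried inside DHCP option 82
CIRCUIT_ID, REMOTE_ID = 1, 2

def parse_option82(data: bytes) -> dict:
    """Split the option-82 payload into {suboption_code: value_bytes}."""
    subs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} runs past end of option 82")
        subs[code] = value
        i += 2 + length
    return subs

def decode_host_tracking(data: bytes) -> dict:
    """Decode the circuit ID (vlan-mod-port) and remote ID (switch MAC).

    Assumed inner layout: type byte 0, length byte, then
    VLAN (2 bytes) + module (1) + port (1) for the circuit ID,
    and a 6-byte MAC address for the remote ID.
    """
    subs = parse_option82(data)
    cid, rid = subs.get(CIRCUIT_ID), subs.get(REMOTE_ID)
    if cid is None or rid is None:
        raise ValueError("circuit ID or remote ID sub-option missing")
    if len(cid) != 6 or cid[0] != 0 or cid[1] != 4:
        raise ValueError("unexpected circuit ID encoding")
    if len(rid) != 8 or rid[0] != 0 or rid[1] != 6:
        raise ValueError("unexpected remote ID encoding")
    vlan, module, port = struct.unpack("!HBB", cid[2:])
    return {"vlan": vlan, "module": module, "port": port,
            "switch_mac": ":".join(f"{b:02x}" for b in rid[2:])}

# Constructed sample: VLAN 10, port 3/5, made-up switch MAC 00:11:22:33:44:55
SAMPLE = bytes.fromhex("01 06 00 04 00 0a 03 05  02 08 00 06 00 11 22 33 44 55")

if __name__ == "__main__":
    print(decode_host_tracking(SAMPLE))
```

A payload that fails these checks was not produced in the assumed format and should be logged rather than trusted for port attribution.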
For more information on DHCP snooping on Catalyst 6500 Series switches running Catalyst OS, refer
to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/dhcp.htm
Catalyst 6500 and Catalyst 4500 DHCP Snooping (Cisco IOS)
In Cisco IOS, DHCP snooping is disabled by default. The configuration of DHCP snooping requires first
enabling the DHCP snooping feature globally, and then on the necessary VLANs. Activating DHCP
snooping on VLANs does not require the use of VACLs, as is the case with Catalyst OS.
Note In Catalyst 6500 Series switches, DHCP snooping requires Supervisor 2, Supervisor 32, or Supervisor
720.