White Papers
DHCP Snooping for a Multi-Tenant Host
You can congure the DHCP snooping feature such that multiple IP addresses are expected for the same MAC address. You can use the
ip dhcp snooping command multiple times to map the same MAC address with dierent IP addresses. This conguration is also used
for dynamic ARP inspection (DAI) and source address validation (SAV). The DAI and SAV tables reect the same entries in the DHCP
snooping binding table.
NOTE: If you enable DHCP Option 82 using the ip dhcp relay command, by default, the remote-ID eld contains the MAC
address of the relay agent. If you congure the remote ID as the host name in a VLT setup, congure dierent host names on
both VLT peers. If you congure the remote ID with your own string, ensure that your strings are dierent on both VLT peers.
DHCP Snooping in a VLT Setup
In a VLT setup, the DHCP snooping binding table synchronizes between the VLT nodes. Similarly, the DAI and SAV tables also synchronize
between VLT nodes. For this feature to work in a VLT setup, make sure that DHCP relay, DHCP snooping, SAV, and DAI congurations are
identical between the VLT peer nodes.
Enabling DHCP Snooping
To enable DHCP snooping, use the following commands.
1 Enable DHCP snooping globally.
CONFIGURATION mode
ip dhcp snooping
2 Specify ports connected to DHCP servers as trusted.
INTERFACE mode
ip dhcp snooping trust
3 Enable DHCP snooping on a VLAN.
CONFIGURATION mode
ip dhcp snooping vlan name
Adding a Static Entry in the Binding Table
To add a static entry in the binding table, use the following command.
• Add a static entry in the binding table.
EXEC Privilege mode
ip dhcp snooping binding mac mac-address vlan-id vlan-id ip ip-address interface interface-
type interface-number lease lease-value
If multiple IP addresses are expected for the same MAC address, repeat this step for all IP addresses.
Clearing the Binding Table
To clear the binding table, use the following command.
Dynamic Host
Conguration Protocol (DHCP) 357