Administrator Guide
Layer 2 Switching Commands 347
User Guidelines
To enable DHCP snooping, do the following:
1
Enable DHCP Snooping globally.
2
Enable DHCP Snooping per VLAN.
3
Set DHCP Snooping trusted port on the port in the DHCP server
direction.
The bindings database populated by DHCP snooping is used by several other
services, including IP source guard and dynamic ARP inspection. DHCP
snooping must be enabled for these services to operate.
Example
The following configuration enables DHCP snooping on VLAN 1 for a switch
connected to a DHCP server over interface gi1/0/4:
console(config)#ip dhcp snooping
console(config-if-vlan1)#ip dhcp snooping
console(config-if-vlan1)#exit
console(config)#interface gi1/0/4
console(config-if-Gi1/0/4)#ip dhcp snooping trust
ip dhcp snooping binding
Use the ip dhcp snooping binding command to configure a static DHCP
Snooping binding. Use the “no” form of this command to remove a static
binding.
Syntax
ip dhcp snooping binding
mac-address
vlan
vlan-id ip-address
interface
interface-id
no ip dhcp snooping binding
mac-address
•
mac-address
—
The client's MAC address.
•
vlan-id
—
The identifier of the VLAN the client is authorized to use.
•
ip-address
—
The IP address of the client.
•
interface-id
—
The interface on which the client is authorized. The interface may
be an Ethernet interface identifier or a port channel interface identifier.
2CSNXXX_SWUM204.book Page 347 Monday, January 25, 2016 1:25 PM