When you configure DHCP snooping on your switch, you are enabling the switch to differentiate untrusted interfaces from trusted interfaces. You must enable DHCP snooping globally before you can use DHCP snooping on a VLAN. You can enable DHCP snooping independently from other DHCP features.
Once you have enabled DHCP snooping, all the DHCP relay information option configuration commands are disabled; this includes the following commands:
•ip dhcp relay information check
•ip dhcp relay information policy
•ip dhcp relay information option
•ip dhcp relay information trusted
•ip dhcp relay information trust-all
These sections describe how to configure DHCP snooping:
DHCP snooping is disabled by default. Table 19-1 shows all the default configuration values for each DHCP snooping option.
Table 19-1 Default Configuration Values for DHCP Snooping
Option
Default Value/State
DHCP snooping
Disabled
DHCP snooping information option
Enabled
DHCP snooping limit rate
Infinite (functions as if rate limiting were disabled)
DHCP snooping trust
Untrusted
DHCP snooping vlan
Disabled
If you want to change the default configuration values, see the "Enabling DHCP Snooping" section.
Enabling DHCP Snooping
To enable DHCP snooping, perform this task:
Command
Purpose
Step 1
Switch(config)# ip dhcp snooping
Enables DHCP snooping globally.
You can use the no keyword to disable DHCP snooping.
Step 2
Switch(config)# ip dhcp snoopingvlannumber
[number]
Enables DHCP snooping on your VLANs.
Step 3
Switch(config)# ip dhcp snoopinginformation
option
Enables DHCP Option 82 data insertion.
Step 4
Switch(config-if)# ip dhcp snoopingtrust
Configures the interface as trusted or untrusted.
You can use the no keyword of to configure an interface to receive only messages from within the network.
Step 5
Switch(config-if)# ip dhcp snoopinglimit rate
rate
Configures the number of DHCP packets per second (pps) that an interface can receive.
Note You may not want to configure untrusted rate limiting to more than 100 pps.
Normally, the rate limit applies to untrusted interfaces. If you want to set up rate limiting for trusted interfaces, keep in mind that trusted interfaces aggregate all DHCP traffic in the switch, and you will need to adjust the rate limit to a higher value.
Step 6
Switch(config)# end
Exits configuration mode.
Step 7
Switch# show ip dhcp snooping
Verifies the configuration.
You can configure DHCP snooping for a single VLAN or a range of VLANs. To configure a single VLAN, enter a single VLAN number. To configure a range of VLANs, enter a beginning and an ending VLAN number.
This example shows how to enable DHCP snooping on VLANs 10 through 100:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10 100
Switch(config)# ip dhcp snooping information option
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip dhcp snooping limit rate 100
Switch(config)# end
Switch# show ip dhcp snooping
DHCP Snooping is configured on the following VLANs:
10 30-40 100 200-220
Insertion of option 82 information is enabled.
Interface Trusted Rate limit (pps)
--------- ------- ----------------
FastEthernet2/1 yes 10
FastEthernet2/2 yes none
FastEthernet3/1 no 20
Switch#
Configuring DHCP Snooping on Private VLAN
DHCP snooping can be enabled on private VLANs, which provide isolation between Layer 2 ports within the same VLAN. If DHCP snooping is enabled (or disabled), the configuration is propagated to both the primary VLAN and its associated secondary VLANs; you cannot enable (or disable) DHCP snooping on a primary VLAN without reflecting this configuration change on the secondary VLANs.
Configuring DHCP snooping on a secondary VLAN is still allowed, but it will not take effect if the associated primary VLAN is already configured. If this is the case, the effective DHCP snooping mode on the secondary VLAN is derived from the corresponding primary VLAN. Manually configuring DHCP snooping on a secondary VLAN will cause the switch to issue the error message:
DHCP Snooping configuration may not take effect on secondary vlan XXX
The command show ip dhcp snooping will display all VLANs with DHCP snooping enabled, including both primary VLANs and their corresponding secondary VLANs.
Displaying DHCP Snooping Information
You can display a DHCP snooping binding table and configuration information for all interfaces on a switch.
Displaying a Binding Table
The DHCP snooping binding table for each switch contains binding entries that correspond to untrusted ports. It does not contain information about hosts interconnected with a trusted port, because each interconnected switch will have its own DHCP snooping binding table.
This example shows how to display the DHCP snooping binding information for a switch.
Switch# show ip dhcp snooping binding
MacAddress IP Address Lease (seconds) Type VLAN Interface
안녕하세요 빛향기고운데입니다.
Cisco Switch에 TFTP 를 이용하여 IOS파일을 Update하는 방법을 설명합니다.
1. Cisco TFTP Server 파일을 설치하고 준비한다.(검색이용하면 쉽게 다운할수 있습니다)
2. IOS Image를 준비한다.
3. TFTP서버를 이용하여 Server를 작동시킨다.
4. Console을 이용하여 Switch에 접근
5. Switch 와 Server를 구동시킨 Host를 UTP로 연결
6. Host TCP/IP에 IP를 부여
7. Switch Vlan에 IP를 부여
8. Update진행
Switch 설정
interface vlan 1
ip address 1.1.1.2 255.255.0.0
no shutdown
-> 해당 Vlan에 IP Address 부여
inter gi 1/1
switch port
-> 해당 Interface
dir
-> dir이용 여유 용량 확인
copy tftp: bootflash:
Address or name of remote host []? 1.1.1.1
-> TFTP서버 지정
invalid-file
ip dhcp relay information check 