Configure DHCP Snooping Basic Functions Example
Network Requirements
- DHCP Server1 is the valid DHCP server; DHCP Server2 is the invalid DHCP server.
- After configuring the DHCP Snooping function, PC1 and PC2 both can get address from DHCP Server1.
Network Topology
Figure 7-6 Networking of configuring DHCP Snooping basic functions
Configuration Steps
Step 1: Configure the link type of VLAN and port on Device.
#Create VLAN2.
Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit
|
#Configure the link type of port tengigabitethernet0/1-tengigabitethernet0/3 as Access, permitting the services of VLAN2 to pass.
Device(config)#interface tengigabitethernet 0/1-0/3
Device(config-if-range)#switchport mode access
Device(config-if-range)#switchport access vlan 2
Device(config-if-range)#exit
|
Step 2: Configure the address pool of DHCP Server1 as 192.168.1.100-192.168.1.199 and the address pool of DHCP Server2 as 192.168.2.100-192.168.2.199. (Omitted)
Step 3: Configure the DHCP Snooping function on Device.
#Enable the DHCP Snooping function.
Device(config)#dhcp-snooping
|
#Configure the port tengigabitethernet0/2 as trust port.
Device(config)#interface tengigabitethernet 0/2
Device(config-if-tengigabitethernet0/2)#dhcp-snooping trust
Device(config-if-tengigabitethernet0/2)#exit
|
Step 4: Check the result.
#After PC1 and PC2 get the address successfully, view the DHCP Snooping entries on Device.
Device#show dhcp-snooping database
dhcp-snooping database:
database entries count:2
database entries delete time :300
----------------------------------------------------------------------------------------
macAddr ipAddr transtion-id vlan interface leaseTime(s) status
0013.0100.0002 192.168.1.101 1 2 te0/1 107990 active ------
0013.0100.0001 192.168.1.100 0 2 te0/1 107989 active ------
Total valid DHCP Client binding table for this criterion: 2
PC1 and PC2 both can get address from DHCP Server1.