Cisco DHCP Snooping Relay Setup Information
Switch#show ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
circuit-id format: vlan-mod-port
remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
------------------------ ------- ----------------
FastEthernet0/1 yes unlimited
GigabitEthernet0/1 yes unlimited
To enable global "Switch DHCP Snooping":
Switch(config)#ip dhcp snooping
To enable DHCP snoop debugging
Note this only works IF the global dhcp snooping is enabled
debug ip dhcp snooping packet
To disable the DHCP debugging:
no debug ip dhcp snooping packet
Enable Port As Trusted:
You cannot broadcast DHCP unless the port is trusted so here's how you enable trust on a port (it does not work on a vlan I suppose for security reasons):
Switch(config-if)#int fa0/1
Switch(config-if)#ip dhcp snooping trust
Enable Snooping on VLAN:
Switch(config)#
Switch(config)#ip dhcp snooping vlan 1
Allow Untrusted Port:
int fa0/3
ip dhcp snooping information option allow-untrusted
Disable Option 82
If the relay or destination DHCP server doesn't support Option 82 Information it will break your DHCP and you will NOT get an IP/lease.
So disable Option 82 unless you are sure your network supports it:
Switch(config)#no ip dhcp snooping information option
Resources:
https://community.cisco.com/t5/switching/dhcp-snooping-not-working-dropping-packets/td-p/2076543
https://www.askitmen.com/network/ccna/configure-dhcp-snooping/
Tags:
cisco, dhcp, snooping, relay, informationswitch, ip, disabled, configured, vlans, insertion, enabled, circuit, format, vlan, mod, untrusted, verification, hwaddr, interface, pps, fastethernet, unlimited, gigabitethernet, enable, global, quot, config, snoop, debugging, debug, packet,