Switch#show ip dhcp snooping
 

Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
FastEthernet0/1              yes         unlimited
GigabitEthernet0/1           yes         unlimited
 

To enable global "Switch DHCP Snooping":

Switch(config)#ip dhcp snooping


To enable DHCP snoop debugging

Note this only works IF the global dhcp snooping is enabled

debug ip dhcp snooping packet

To disable the DHCP debugging:

no debug ip dhcp snooping packet

Enable Port As Trusted:

You cannot broadcast DHCP unless the port is trusted so here's how you enable trust on a port (it does not work on a vlan I suppose for security reasons):

Switch(config-if)#int fa0/1
Switch(config-if)#ip dhcp snooping trust

Enable Snooping on VLAN:

Switch(config)#
Switch(config)#ip dhcp snooping vlan 1

Allow Untrusted Port:

int fa0/3


ip dhcp snooping information option allow-untrusted

Disable Option 82

If the relay or destination DHCP server doesn't support Option 82 Information it will break your DHCP and you will NOT get an IP/lease.

So disable Option 82 unless you are sure your network supports it:

Switch(config)#no ip dhcp snooping information option


Resources:

https://community.cisco.com/t5/switching/dhcp-snooping-not-working-dropping-packets/td-p/2076543

https://www.askitmen.com/network/ccna/configure-dhcp-snooping/

cisco, dhcp, snooping, relay, informationswitch, ip, disabled, configured, vlans, insertion, enabled, circuit, format, vlan, mod, untrusted, verification, hwaddr, interface, pps, fastethernet, unlimited, gigabitethernet, enable, global, quot, config, snoop, debugging, debug, packet,

Latest Articles