Configuring DHCP Snooping
DHCP snooping creates a binding table, which includes the client IP address, MAC address, VLAN ID, physical port and the lease time. DHCP snooping is disabled by default. The steps below explain how to enable DHCP snooping and configure the trust port (by default all the ports are untrusted ports), DHCP snooping binding file and the delay timer for writing the DHCP snooping entries from memory to the binding file, and how to configure DHCP snooping Option 82 policy.
Procedure
Step 1     Configure DHCP snooping on a VLAN.
  set protocols dhcp snooping vlan <vlan-id> disable <true | false>
NOTE: DHCP snooping should be enabled in the VLAN, it takes effect only on DHCP messages received from interfaces in this VLAN. Packets that are not received from this VLAN won’t be processed by DHCP snooping module and will be processed and forwarded as ordinary packets. |
Step 2Â Â Â Â Â Configure the interface connected to the DHCP server as DHCP snooping trusted interface.
  set protocols dhcp snooping trust-port <interface-name>
NOTE:
|
Step 3     (Optional) Configure the DHCP snooping binding file and the delay timer for writing the DHCP snooping entries from memory to the binding file.
  set protocols dhcp snooping binding file <file-path>Â
  set protocols dhcp snooping binding write-delay <write-delay-timer>
Step 4Â Â Â Â Â (Optional) Configure the DHCP snooping Option 82 policy and the sub-options.
  set protocols dhcp snooping vlan <vlan-id> option82-policy <drop | keep | insert | replace>
  set protocols dhcp snooping option82 circuit-id <port-index | port-name | port-description>
  set protocols dhcp snooping option82 remote-id <system-mac | hostname>
Step 5Â Â Â Â Â (Optional) Enable Option 82 trust-all function for DHCP snooping.
  set protocols dhcp snooping option82 trust-all <true | false>
Configuration example
Networking Requirements
- On PICA8 Switch, the interfaces ge-1/1/1 and ge-1/1/2 are in VLAN 2.
- Enable DHCP snooping on VLAN 2.
- Configure the interface connected to the DHCP server (ge-1/1/2) as the DHCP snooping trust interface.Â
Figure 1Â DHCP Snooping Networks
Procedure
Step 1Â Â Â Â Â Configure VLAN.
admin@XorPlus# set vlans vlan-id 2 admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2 admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2
Step 2Â Â Â Â Â Configure DHCP snooping on VLAN 2.
admin@XorPlus#set protocols dhcp snooping vlan 2 disable false
Step 3Â Â Â Â Â Configure the interface connected to the DHCP server as DHCP snooping trusted interface.
admin@XorPlus# set protocols dhcp snooping trust-port ge-1/1/2
Step 4Â Â Â Â Â (Optional) Configure /tmp/run/dhcp_bind as the DHCP snooping binding file and the value of delay timer for writing the DHCP snooping entries from memory to the binding file is 30s.
admin@XorPlus# set protocols dhcp snooping binding file /tmp/run/dhcp_bind admin@XorPlus# set protocols dhcp snooping binding write-delay 30
Step 5     Commit the configuration.
admin@XorPlus# commit
Step 6Â Â Â Â Â Verify the configuration.
- After the configuration is complete, run the run show dhcp snooping command to view the DHCP snooping binding table. Â
admin@Xorplus# run show dhcp snooping binding Total count: 1 MAC Address IP Address Port VLAN ID Lease(sec) ------------------------------------------------------------------------------------------------------- 14:18:77:18:2c:b9 100.1.1.1 ge-1/1/1 2 599/600
- DHCP client can obtain the IP address normally.
Copyright © 2024 Pica8 Inc. All Rights Reserved.