Configuring the Ports Connected to DHCP Server and DHCP Client
|
#configure terminal |
Enter Configure mode. |
|
(config)#bridge 1 protocol ieee vlan-bridge |
Create IEEE VLAN bridge 1. |
|
(config)#vlan 2 bridge 1 state enable |
Create VLAN 2 |
|
(config)#ip dhcp snooping bridge 1 |
Configure DHCP snooping for bridge 1 |
|
(config)#ip dhcp snooping information option bridge 1 |
Configure DHCP snooping information option 82 |
|
(config)#ip dhcp snooping vlan 2 bridge 1 |
Configure DHCP snooping for VLAN 2 for bridge 1 |
|
(config)#ip dhcp snooping verify mac-address bridge 1 |
Configure DHCP snooping verify MAC-address |
|
(config)#interface xe1 |
Enter Interface Mode |
|
(config-if)#switchport |
Configure the interface as Layer 2 |
|
(config-if)#bridge-group 1 |
Associate the interface with bridge group 1. |
|
(config-if)#switchport mode access |
Set the Layer2 interface as Access. (It can be Trunk mode also) |
|
(config-if)#switchport access vlan 2 |
Set the default VLAN for the interface |
|
(config-if)#ip dhcp snooping trust |
Configuring the interface as Trust. Basically this is configured on the interface which is connected to Server Side. |
|
(config-if)#exit |
Exit interface mode. |
|
(config)#interface xe2 |
Enter Interface Mode |
|
(config-if)#switchport |
Configure the interface as Layer 2 |
|
(config-if)#bridge-group 1 |
Associate the interface with bridge group 1. |
|
(config-if)#switchport mode access |
Set the Layer2 interface as Access. (It can be Trunk mode also) |
|
(config-if)#switchport access vlan 2 |
Set the default VLAN for the interface |
|
(config-if)#ip verify source dhcp-snooping-vlan |
Configuring IP source guard at Interface level and configured on the interface which is connected to client side |
|
(config-if)#ip verify source access-group mode merge |
Merge IPSG policy with other ACL |
|
(config-if)#exit |
Exit interface mode |
|
(config)#ip dhcp snooping binding bridge 1 0011.1111.2222 2 ipv4 1.1.1.1 xe2 |
Configure IPv4 Static Entry For DHCP snooping with MAC address and Source Address for an interface and VLAN configured |
|
(config)#ip dhcp snooping binding bridge 1 0022.2222.3333 2 ipv6 3ffe::1 xe2 |
Configure IPv6 Static Entry For DHCP snooping with MAC address and Source Address for an interface and VLAN configured |
|
(config)#commit |
Commit Candidate config to running-config |
|
(config)#exit |
Exit config mode |
|
#clear ip dhcp snooping binding bridge 1 |
Clear DHCP binding tables which are learned dynamically |
Validation
Verify that DHCP snooping is enabled on the bridge:
#sh ip dhcp snooping bridge 1
Bridge Group : 1
DHCP snooping is : Enabled
DHCP snooping option82 is : Enabled
Verification of hwaddr field is : Enabled
DHCP snooping is configured on following VLANs : 2
DHCP snooping is operational on following VLANs : 2
DHCP snooping trust is configured on the following Interfaces
Interface Trusted
--------------- -------
xe1 Yes
DHCP snooping IP Source Guard is configured on the following Interfaces.
Interface Source Guard
--------------- ------------
xe2 Yes