Using DHCPv4 snooping with option 82
DHCPv4 adds Option 82 (relay information option) to DHCPv4 request packets received on untrusted ports by default. (See “Configuring DHCP Relay” in the management and configuration guide for more information on Option 82.)
DHCPv4 snooping only overrides the Option 82 settings on a VLAN that has snooping enabled, not on VLANs without snooping enabled.
Syntax
[no] dhcp-snooping option 82 [remote-id <mac|subnet-ip|mgmt-ip>][untrusted-policy<drop|keep|replace>]
Enables DHCP Option 82 insertion in the packet
- remote-id
- Sets the value used for the remote-id field of the relay information option.
- mac
Uses the switch mac address for the remote-id. This is the default.
- subnet-ip
Uses the IP address of the VLAN on which the packet was received for the remote-id. If subnet-ip is specified but the value is not set, the MAC address is used.
- mgmt-ip
Uses the management VLAN IP address as the remote-id. If mgmt-ip is specified but the value is not set, the MAC address is used.
- untrusted-policy
- Configures DHCPv4 snooping behavior when forwarding a DHCPv4 packet from an untrusted port that already contains DHCPv4 relay information (Option 82). The default is
drop
.- drop
Drops the packet.
- keep
Forwards the packet without replacing the option information.
- replace
Replaces the existing option with a new Option 82 generated by the switch.
NOTE:The default drop policy should remain in effect if there are any untrusted nodes, such as clients, directly connected to this switch.