Configuring DHCP snooping basic functions
Follow these guidelines when configure DHCP snooping basic functions:
You must specify the ports connected to the authorized DHCP servers as trusted to make sure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN.
You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports. For more information about aggregate interfaces, see Layer 2—LAN Switching Configuration Guide.
If a Layer 2 Ethernet interface is added to an aggregation group, the DHCP snooping configuration of the interface will not take effect. After the interface quits the aggregation group, the configuration will be effective.
DHCP snooping can work with basic QinQ or flexible QinQ. When receiving a packet without any VLAN tag from the DHCP client to the DHCP server, the DHCP snooping device adds a VLAN tag to the packet. If the packet has one VLAN tag, the device adds another VLAN tag to the packet and records the two VLAN tags in a DHCP snooping entry. The newly added VLAN tag is the outer tag. If the packet has two VLAN tags, the device directly forwards the packet to the DHCP server without adding any tag.
If you need to add a new VLAN tag and meanwhile modify the original VLAN tag for the packet, DHCP snooping cannot work with flexible QinQ.
To configure DHCP snooping basic functions:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable DHCP snooping. | dhcp-snooping | Disabled by default. |
3. Enter Ethernet interface view. | interface interface-type interface-number | The interface connects to the DHCP server. |
4. Specify the port as a trusted port. | dhcp-snooping trust | After DHCP snooping is enabled, a port is an untrusted port by default. |
5. Return to system view. | quit | N/A |
6. Enter interface view. | interface interface-type interface-number | The interface indirectly connects to the DHCP client. |
7. Disable the port from recording client's IP-to-MAC bindings. | dhcp-snooping no-user-binding | Optional. After DHCP snooping is enabled, all ports of the snooping device record clients' IP-to-MAC bindings. |