RE: DHCP Snooping and ip helper

From: mgreenlee@ipexpert.com
Date: Wed Jan 16 2008 - 03:38:46 ARST

• Next message: Satha Nantheesan: "RE: GLBP Question"
• Previous message: laidlaw@consecro.com: "RE: encapsulation dot1Q on PC Fastethernet..."
• Maybe in reply to: Geert Nijs: "DHCP Snooping and ip helper"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

IP helper can be configured on the L3 switch.

A few things to watch for:
1. Trusted ports - with DHCP snooping, the port where the DHCP reply would
be coming into the switch with snooping enabled needs to be trusted.

2. Option 82 - some switches will insert this information by default,
depending on platform and software version. If the device with a helper
address receives a dhcp request with information inserted and a 0.0.0.0
giaddr, it may drop the packet, unless it is configured to allow the
information (ip dhcp relay info trust). Alternatively, you could configure
the device inserting the option82 information to NOT insert the info.

Debugs on the switches can be informative regarding what traffic is
dropped/seen. (debug ip dhcp server packet, debug ip dhcp server on both
switches)

(debug ip dhcp snooping event, debug ip dhcp snooping packet on the switch
with snooping configured)

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
A Cisco Learning Partner - We Accept Learning Credits!
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
 
IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand
and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab
Certifications.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Geert Nijs
Sent: Tuesday, January 15, 2008 4:52 AM
To: ccielab@groupstudy.com
Subject: DHCP Snooping and ip helper

Hi group,

I am looking for details regarding DHCP snooping when implemented on the
standard 3-tier design:

[L3 switch - ip and HSRP defined for vlan x] ----------------- [L2 Access
switch with ip for management in vlan x]

The L2 access switch is running DHCP snooping.
Wheir do i have to configure my ip helper address ? On the L3 switch or on
the L2 switch ?
I have the impression that my DHCP is not working anymore if i enable ip
helper on L3 switch and DHCP snooping on the L2 switch...
It only works when ip helper is defined on the L2 switch. Why ?

Does anyone have details regarding the interaction of ip helper address and
DHCP snooping ?

regards,
Geert

________________________________
disclaimer : http://webservices.simac.be/disclaimer.htm

• Next message: Satha Nantheesan: "RE: GLBP Question"
• Previous message: laidlaw@consecro.com: "RE: encapsulation dot1Q on PC Fastethernet..."
• Maybe in reply to: Geert Nijs: "DHCP Snooping and ip helper"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:00 ARST