Switches, Hubs, and Modems

Re: DHCP snooping option 82 clarification

 
SOLVED
Mohammed Faiz
Honored Contributor

DHCP snooping option 82 clarification

Hi,

I'm trying to clarify a few things regarding dhcp snooping on a 2650 but I'm struggling to make sense of the manual pages (for one thing I can't find the dhcp snooping in the 2650 manuals so I'm referencing the 5400 manuals!)

If I have a 2650 with dhcp snooping enabled on for example, VLAN 2 and Option 82 insertion is enabled (which is the default) but the switch does not have an IP address on that VLAN does the switch modify the client DHCP packets in any way?
(the default gateway and ip-helper settings for VLAN 2 live on another switch further up the network)

Thanks in advance,

Mo
6 REPLIES
Pieter 't Hart
Honored Contributor

Re: DHCP snooping option 82 clarification

from reading the manuals (2600-2800-4100-6108-Advanced Traffic management Guide Oct2005) I see no reference to dhcp-snooping on the 2600 series.
I see only option-82 support mentioned is when configuring dhcp-relay.
As the relay is not on this switch configuring this option is "no option".
Pieter 't Hart
Honored Contributor

Re: DHCP snooping option 82 clarification

Also option-82 is applied to a "routing switch".
so if the switch has no ip-address in the vlan it will not do anything with the packet.
Mohammed Faiz
Honored Contributor

Re: DHCP snooping option 82 clarification

Hi,

> I see only option-82 support mentioned is
> when configuring dhcp-relay.
> As the relay is not on this switch
> configuring this option is "no option".

It still seems to enable it on the switch however. The below is from a 2650 that I've just run the "dhcp-snooping" and then "sh dhcp-snooping" commands on.

# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : mac
.
.

> so if the switch has no ip-address in the
> vlan it will not do anything with the
> packet.

That's what I was hoping the answer was.
The part that put me off slightly was where the manual said:

"If DHCP snooping is enabled on a switch where an edge switch is also using
DHCP snooping, it is desirable to have the packets forwarded so the DHCP
bindings are learned. To configure the policy for DHCP packets from untrusted
ports that already have Option 82 present, enter this command..."

Are they implying here that the edge switch is also routing?

Thanks,

Mo
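An added example, not part of the original posts and not HP's firmware logic: a minimal decoder for the DHCP options field that finds Option 82 (RFC 3046), splits it into circuit-id and remote-id, and models the "Option 82 untrusted policy" decision shown in the output above for a client packet arriving on an untrusted port. The sample byte strings are constructed, the policy name "keep" (forward unchanged) is an assumption since the thread only shows "drop", and dropping malformed options is an assumption as well.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # start of the DHCP options field (RFC 2131)
OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}   # RFC 3046 sub-options

def walk_tlv(data: bytes, top_level: bool):
    """Yield (code, value) pairs; PAD/END are only special at the top level."""
    i = 0
    while i < len(data):
        code = data[i]
        if top_level and code == OPT_END:
            return
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV at offset %d" % i)
        yield code, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def option82(options_field: bytes):
    """Return the decoded Option 82 sub-options, or None if it is absent."""
    if options_field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    for code, value in walk_tlv(options_field[4:], top_level=True):
        if code == OPT_RELAY_AGENT_INFO:
            return {SUBOPT_NAMES.get(c, c): v for c, v in walk_tlv(value, False)}
    return None

def untrusted_port_verdict(options_field: bytes, policy: str = "drop") -> str:
    """Model only the Option 82 policy check, not the other snooping checks."""
    try:
        info = option82(options_field)
    except ValueError:
        return "drop"              # assumption: fail closed on malformed options
    if info is None:
        return "forward"           # ordinary client packet, no Option 82 yet
    return "drop" if policy == "drop" else "forward"   # "keep" is assumed

# Constructed samples: a DISCOVER (option 53 = 1) without and with Option 82.
REMOTE_MAC = bytes.fromhex("001122334455")           # constructed remote-id
SAMPLE_CLEAN = MAGIC_COOKIE + bytes([53, 1, 1, 255])
SAMPLE_OPT82 = (MAGIC_COOKIE + bytes([53, 1, 1, 82, 12, 1, 2, 0, 5, 2, 6])
                + REMOTE_MAC + bytes([255]))

if __name__ == "__main__":
    for name, pkt in (("clean", SAMPLE_CLEAN), ("opt82", SAMPLE_OPT82)):
        print(name, option82(pkt), untrusted_port_verdict(pkt))
```

With the default "drop" policy, a packet that already carries Option 82 from a downstream switch never reaches the binding table, which is the case the quoted manual passage addresses.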
Pieter 't Hart
Honored Contributor
Solution

Re: DHCP snooping option 82 clarification

OK only read the manual :
http://www.hp.com/rnd/support/manuals/2650_6108.htm
This doc is from 2005.
the release notes say :
Release H.08.105 includes the following enhancement.
■ Added DHCP Protection enhancement for switch 2600.
DHCP Snooping

so dhcp-snooping support is added later.

Yes, the text you quote describes the situation where yes the edge switch is routing and acting as ip-helper.
But multiple ip-helpers are used in the path to reach the dhcpserver.

This first (primary) ip-helper then is not configured directly with the address of the dhcp-server, but forwards requests to another router (also configured with ip-helper) to forward dhcp-requests.
Pieter 't Hart
Honored Contributor

Re: DHCP snooping option 82 clarification

Mohammed Faiz
Honored Contributor

Re: DHCP snooping option 82 clarification

Great, thanks for the confirmation. The information in the release notes seems to mirror the information in the 5400zl manuals.
I've done some initial testing with a 2610 and it all seems to be working as expected but I've turned off the option 82 insertion option anyway as it shouldn't be needed on my edge switches.