dhcp snooping

I have a network topology like this:

    snoopSwitch-------------Router----------------distSwitch---------------userSwitch
                              |
                              |
                              |
    DHCP Server------------serverSwitch

  1. All uplinks are Fa0/1

  2. snoopSwitch, distSwitch, and userSwitch have vlans 571 and 832

  3. serverSwitch does NOT have vlans 571 or 832

  4. Router has vlan interfaces for all vlans and helper addresses on each vlan interface that point to DHCP Server.

  5. snoopSwitch has dhcp snooping enabled with the following config:

         ip dhcp snooping
         ip dhcp snooping vlan 832
         no ip dhcp snooping information option

         interface FastEthernet0/1
          switchport trunk encap dot1q
          switchport mode trunk
          ip dhcp snooping trust
          speed 100
          duplex full

  6. No other devices have dhcp snooping enabled in any fashion.

Under this setup, a user plugged into a port on userSwitch that is in vlan 571 can no longer receive from the DHCP Server. Is this correct behavior?

Does dhcp snooping have to be set up on every device in the network for it to work right? Or does it have to be set up on every device with a certain vlan? Or is it possible in some way to just set it up for one vlan on one single switch?

Kyle

Reply to
Kyle Evans

The port you need to trust is the port with the DHCP server connected to it, not the uplink to the router. What you need to "trust" is the port sending the DHCP reply message, not the port receiving the reply.

Scott

Reply to
Thrill5
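
A simplified model of the per-frame decision a DHCP snooping switch makes, applied to the snoopSwitch settings from the question (VLAN 832 snooped, Fa0/1 trusted). This is an added example, not part of either post and not Cisco's implementation; the access-port names, MAC addresses and relay address are constructed, and binding-table and rate-limit checks are left out.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # messages only a DHCP server sends

@dataclass(frozen=True)
class DhcpFrame:
    vlan: int
    in_port: str             # port the frame arrived on
    msg_type: str            # DISCOVER, REQUEST, OFFER, ACK, NAK
    src_mac: str             # Ethernet source address
    chaddr: str              # client hardware address in the DHCP payload
    giaddr: str = "0.0.0.0"  # non-zero once a relay agent has handled it

@dataclass
class SnoopingSwitch:
    enabled: bool
    snooped_vlans: set
    trusted_ports: set

    def verdict(self, f: DhcpFrame) -> str:
        # Snooping only inspects VLANs it has been enabled on.
        if not self.enabled or f.vlan not in self.snooped_vlans:
            return "forward (vlan not snooped)"
        # Trust is evaluated on the port where the frame ARRIVES.
        if f.in_port in self.trusted_ports:
            return "forward (trusted port)"
        if f.msg_type in SERVER_TYPES:
            return "drop (server message on untrusted port)"
        if f.giaddr != "0.0.0.0":
            return "drop (relayed packet on untrusted port)"
        if f.src_mac != f.chaddr:
            return "drop (source MAC != chaddr)"
        return "forward (client message)"

# snoopSwitch as configured in the question.
SNOOP_SWITCH = SnoopingSwitch(True, {832}, {"Fa0/1"})

# Constructed frames: MACs, Fa0/5, Fa0/7 and 192.0.2.1 are made-up sample values.
CLIENT, ROUTER, OTHER = "00:00:5e:00:53:01", "00:00:5e:00:53:aa", "00:00:5e:00:53:ff"
SAMPLES = {
    "client DISCOVER, vlan 832": DhcpFrame(832, "Fa0/5", "DISCOVER", CLIENT, CLIENT),
    "relayed OFFER on uplink": DhcpFrame(832, "Fa0/1", "OFFER", ROUTER, CLIENT, "192.0.2.1"),
    "OFFER from access port": DhcpFrame(832, "Fa0/7", "OFFER", OTHER, CLIENT),
    "REQUEST, mismatched chaddr": DhcpFrame(832, "Fa0/7", "REQUEST", OTHER, CLIENT),
    "OFFER in vlan 571": DhcpFrame(571, "Fa0/7", "OFFER", OTHER, CLIENT),
}

def run_samples():
    return {name: SNOOP_SWITCH.verdict(f) for name, f in SAMPLES.items()}
```
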
