Re: DHCP snooping across several switches

It seems that this message did not make it into the group (Google does not show it), so I repeat.

Please consider the following setup (use a fixed width font):

CustomerB | Server -Fe0/1- SwitchA -Fe0/2- SwitchB - CustomerA | CustomerC

I enable DHCP snooping on SwitchA and mark port Fe0/1 as trusted. Everything works fine for the customers.

However, as soon as I enable DHCP snooping on SwitchB also, SwitchA refuses to forward DHCP requests from CustomerA to Server because:

SwitchA: DHCP_SNOOPING: drop message with non-zero giaddr or option 82 value on untrusted port, message type: DHCPREQUEST

On SwitchA, I tried to mark Fe0/2 also as trusted, but this causes a broadcast storm of DHCPREQUESTs (it seems that SwitchA receives a DHCPREQUEST from CustomerA via Fe0/2 and forwards it back to Fe0/2 because it is a trusted port).

Any ideas how I could protect the whole switched network from rogue DHCP servers? There is only one authorized DHCP server (the Server behind SwitchA).

Victor Sudakov
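
The check named in SwitchA's log message, as an added example (not part of the original post and not Cisco's code): on an untrusted port, a client DHCPREQUEST is dropped once it carries option 82 or a non-zero giaddr, and server replies are dropped outright. The function names, packet builder and sample values are constructed for illustration, and the example assumes the downstream snooping switch is what added option 82 to the request.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def parse_dhcp(payload):
    """Return (op, giaddr, options) from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, giaddr = payload[0], payload[24:28]
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        code = payload[i]
        if code == 0:                               # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return op, giaddr, options

def snooping_verdict(payload, port_trusted):
    """Model of the untrusted-port checks; returns (action, message type)."""
    op, giaddr, options = parse_dhcp(payload)
    raw_type = options.get(53) or b"\x00"           # option 53 = message type
    mtype = MSG_TYPES.get(raw_type[0], "UNKNOWN")
    if port_trusted:
        return "forward", mtype
    if op == 2:                                     # BOOTREPLY: server traffic
        return "drop", mtype
    if giaddr != b"\x00" * 4 or 82 in options:      # the condition in the log line
        return "drop", mtype
    return "forward", mtype

def build_message(op=1, mtype=3, giaddr=b"\x00" * 4, option82=None):
    """Constructed sample packet, not captured traffic."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0)
    hdr += b"\x00" * 12 + giaddr                    # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex("020000000001") + b"\x00" * 10   # chaddr (16 bytes)
    hdr += b"\x00" * 192                            # sname + file
    opts = bytes([53, 1, mtype])
    if option82 is not None:
        opts += bytes([82, len(option82)]) + option82
    return hdr + MAGIC + opts + b"\xff"
```

Calling `snooping_verdict(build_message(option82=b"\x01\x04\x00\x01\x00\x02"), port_trusted=False)` reproduces the drop from the post, while the same packet on a trusted port is forwarded.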

Use the same VLAN for customer A.

FX

All the customers are in the same vlan.

Victor Sudakov

And the DHCP server is in this vlan too. Any more ideas?

Victor Sudakov
