DHCP Snooping - Benefits
samuel.lao85
Member Posts: 19 ■□□□□□□□□□
in CCNP
I mates,
I'm currently preparing for CCNP Switch exam, it will be the 1st step for CCNP.
I'm a little confused about DHCP Snooping. I tried to configure it at home and it was a nightmare.
My lab is pretty simple:
- 2 switches 3550
- 1 2960
There is 1 3550 working as DHCP server for VLAN 2, so I decided to enable DHCP snooping on the remaining 3550 since my 3 switches are connected in a triangle fashion.
When I enabled DHCP Snooping on the remaining 3550 (not the DHCP server), there was a lot of messages about INVALID ARP. I guess was because I enabled ARP inspection dynamic too. So, my doubts are:
- Where should I enable DHCP snooping ? in all switches including the DHCP server switch ?
- Where should I enable IP SOURCE GUARD ? it should be enable in the DHCP server switch too ?
- Where should I enable ARP INSPECTION ? it should be enable in the DHCP server switch too ?
Thanks for your help guys.
Any advice would be appreciated.
I'm currently preparing for CCNP Switch exam, it will be the 1st step for CCNP.
I'm a little confused about DHCP Snooping. I tried to configure it at home and it was a nightmare.
My lab is pretty simple:
- 2 switches 3550
- 1 2960
There is 1 3550 working as DHCP server for VLAN 2, so I decided to enable DHCP snooping on the remaining 3550 since my 3 switches are connected in a triangle fashion.
When I enabled DHCP Snooping on the remaining 3550 (not the DHCP server), there was a lot of messages about INVALID ARP. I guess was because I enabled ARP inspection dynamic too. So, my doubts are:
- Where should I enable DHCP snooping ? in all switches including the DHCP server switch ?
- Where should I enable IP SOURCE GUARD ? it should be enable in the DHCP server switch too ?
- Where should I enable ARP INSPECTION ? it should be enable in the DHCP server switch too ?
Thanks for your help guys.
Any advice would be appreciated.
Comments
-
johnwest43
Member Posts: 294
Enable snooping on the switches that end points will connect to. If the switch that is acting as the dhcp server wont have end devices connecting to it there is no reason to enalbe snooping on that switch. Also dont forget to trust the interface(s) that connect to your dhcp server on the other 2 switches!CCNP: ROUTE B][COLOR=#ff0000]x[/COLOR][/B , SWITCH B][COLOR=#ff0000]x[/COLOR][/B, TSHOOT [X ] Completed on 2/18/2014