DHCP is a service that runs at the application layer of the TCP/IP protocol stack. It dynamically assigns IP addresses and allocates TCP/IP configuration information to DHCP clients. DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers. Snooping prevents false DHCP responses and also monitors clients. This is useful because it authenticates host devices, which can prevent man-in-the-middle attacks. The DHCP snooping binding database is also used by IP source guard and ARP inspection. On Layer 3 switches, DHCP relay and snooping can be enabled on any interface with an IP address and on VLANs with or without an IP address.
This article explains how to configure DHCP properties on ESW2-550X stackable managed switches.
• ESW2-550X
• ESW2-550X-DC
• v1.2.9.44
Step 1. Log in to the switch configuration utility and choose IP Configuration > DHCP > Properties. The Properties page opens.
Step 2. (Optional) At the Option 82 field, check Enable to insert Option 82 information into packets. This field is disabled by default.
DHCP messages are broadcast messages that cannot cross from one network to another. A DHCP relay forwards the broadcast messages to a different network. It also adds Option 82 to provide additional information about the client to the routing network. Option 82 is not needed when DHCP relay is enabled. However, if you use an external agent to do DHCP relay, Option 82 needs to be enabled (Transparent DHCP relay). Option 82 helps the router to choose the client from the network pool.
Step 3. (Optional) At the DHCP Relay field, check Enable to enable the DHCP relay feature. DHCP relay is used when the client and server are not on the same LAN. The DHCP relay accepts the client broadcast and forwards it to the server on another subnet. This field is disabled by default.
Step 4. At the DHCP Snooping status field, check Enable to enable DHCP Snooping.
Step 5. (Optional) At the Option 82 Passthrough field, check Enable to forward packets that carry Option 82 information when they arrive from an untrusted source. Packets from trusted interfaces are always forwarded.
Step 6. (Optional) At the Verify MAC Address field, check Enable to force the device to verify that the source MAC address in the Layer 2 header matches the client hardware address.
Step 7. (Optional) At the Backup Database field, check Enable to back up the DHCP Snooping Binding database to the flash memory of the device.
Step 8. If Backup Database is enabled, enter how often the DHCP Snooping Binding database is backed up in the Backup Database Update Interval field. The range is from 600 to 86400 seconds. The default value is 1200 seconds.
Step 9. Click Apply to apply the settings to the running configuration file.
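The following is an added example, not code from the switch firmware or from the original article: a simplified Python model of how the settings in Steps 4 to 6 (DHCP Snooping, Option 82 Passthrough, Verify MAC Address) decide whether a DHCP packet is forwarded. The function names, verdict strings and sample MAC address are assumptions made for the illustration; dropping server replies on untrusted interfaces is standard DHCP snooping behavior.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options
BOOTREPLY = 2                  # op value of server-to-client messages

def parse_dhcp(payload):
    """Return (op, chaddr, options) parsed from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, hlen = payload[0], payload[2]
    chaddr = payload[28:28 + min(hlen, 16)]          # client hardware address
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        if payload[i] == 0:                          # 0 = Pad option
            i += 1
            continue
        if len(payload) - i < 2 or len(payload) - i - 2 < payload[i + 1]:
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return op, chaddr, opts

def snoop(eth_src, payload, *, trusted, opt82_passthrough, verify_mac):
    """Verdict of this simplified model for one packet: (action, reason)."""
    if trusted:
        return "forward", "trusted interface"
    try:
        op, chaddr, opts = parse_dhcp(payload)
    except ValueError as exc:
        return "drop", str(exc)
    if op == BOOTREPLY:
        return "drop", "server reply on untrusted interface"
    if 82 in opts and not opt82_passthrough:
        return "drop", "option 82 on untrusted interface"
    if verify_mac and eth_src != chaddr:
        return "drop", "source MAC does not match chaddr"
    return "forward", "ok"

def build(op, chaddr, options=b""):
    """Construct a minimal DHCP payload (sample data for this example)."""
    fixed = struct.pack("!BBBB", op, 1, len(chaddr), 0) + bytes(24)
    return fixed + chaddr.ljust(16, b"\0") + bytes(192) + MAGIC + options + b"\xff"

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")              # constructed client MAC
    offer = build(BOOTREPLY, mac, b"\x35\x01\x02")   # constructed DHCPOFFER
    print(snoop(mac, offer, trusted=False, opt82_passthrough=False, verify_mac=True))
```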
Note: The DHCP Relay check box must be checked before you proceed any further.
Step 1. Log in to the switch configuration utility and choose IP Configuration > DHCP > Properties. The Properties page opens.
Step 2. Under the DHCP Relay Server Table, click Add to define a DHCP server. The DHCP server assigns IP addresses and maintains a database of them. Typically the DHCP server is a router. The Add DHCP Server window appears.
Step 3. Enter the IP address of the DHCP server in the DHCP Server IP Address field.
Step 4. Click Apply. The settings are written to the running configuration file.