Cisco 350 Series Administration Manual page 379

16
292
Overview
DHCPv4 Snooping Overview
DHCP snooping provides a security mechanism to prevent receiving false DHCP response
packets and to log DHCP addresses. It does this by treating ports on the device as either trusted
or untrusted.
A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP
addresses. DHCP messages received on trusted ports are allowed to pass through the device.
An untrusted port is a port that is not allowed to assign DHCP addresses. By default, all ports
are considered untrusted until you declare them trusted (in the Interface Settings page).
DHCPv4 Relay Overview
DHCP Relay relays DHCP packets to the DHCP server.
The device can relay DHCP messages received from VLANs that do not have IP addresses.
Whenever DHCP Relay is enabled on a VLAN without an IP address, Option 82 is inserted
automatically. This insertion is in the specific VLAN and does not influence the global
administration state of Option 82 insertion.
Transparent DHCP Relay
For Transparent DHCP Relay where an external DHCP relay agent is being used, do the
following:
• Enable DHCP Snooping.
• Enable Option 82 insertion.
• Disable DHCP Relay.
For regular DHCP Relay:
• Enable DHCP Relay.
• No need to enable Option 82 insertion.
Option 82
Option 82 (DHCP Relay Agent Information Option) passes port and agent information to a
central DHCP server, indicating where an assigned IP address physically connects to the
network.
The main goal of option 82 is to help to the DHCP server select the best IP subnet (network
pool) from which to obtain an IP address.
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
IP Configuration
IPv4 Management and Interfaces