Restrictions for DHCP Snooping
•
DHCP Snooping is supported only for port extender interfaces connected to the VLT peers.
•
DHCP server must be connected to the VLT peers only using VLT Port-channel.
•
DHCP Snooping is supported only FOR SPANNED VLANs.
•
Source address validation is not supported for VPLAG interfaces on VLT.
•
Port Extender does not support DHCP server.
Prerequisites for DHCP Snooping
•
DHCP Snooping should be enabled globally on both VLT peers.
•
The same Remote ID string and Remote ID host name should be configured on both VLT peers.
•
To enable DHCP Secondary subnet feature in VLT, ensure that the secondary IP address subnet is the
same in both VLT peers.
•
Apply similar dynamic ARP inspection and source address validation configurations on both VLT peers.
•
If you want to use the clear ip dhcp snooping binding command, use it individually on VLT
nodes.
•
In a dual-homed setup, you cannot configure DHCP snooping using batch mode. You can configure
DHCP snooping separately on each VLT peer.
•
In the event of snooping VLAN operation down or interface delete, the removal of snooping binding
entries is not synchronized to the VLT peer .
Enabling DHCP Snooping
To enable DHCP snooping, use the following commands.
1
Enable DHCP snooping globally.
CONFIGURATION mode
ip dhcp snooping
2
Specify ports connected to DHCP servers as trusted.
INTERFACE mode
ip dhcp snooping trust
3
Enable DHCP snooping on a VLAN.
CONFIGURATION mode
ip dhcp snooping vlan name
Adding a Static Entry in the Binding Table
To add a static entry in the binding table, use the following command.
•
Add a static entry in the binding table.
EXEC mode
EXEC Privilege mode
ip dhcp snooping binding mac
Dynamic Host Configuration Protocol (DHCP)
405