2.1.a DHCP snooping
first a word from ethan banks about the wonders of dhcp snooping, and the perils of the information option…
global configuration (from running-config):
ip dhcp snooping vlan 300
ip dhcp snooping
note: I added the command:
ip dhcp snooping information option
but it didn’t show up in the running config (it is the default). see above link.
set the trusted port
ip dhcp snooping trust
there is little configuration to set on the untrusted ports, however, as ethan suggests you might want to rate limit the rquests so the dhcp server doesn’t get bombarded:
that is pps in the figure which would be 600 a minute.
note below: i have configured int f0/21 as the trusted port which is connected to the dhcp server. also note the criteria that snooping imposes, ie ingress port, vlan, mac address.