SWITCH 300-115 2.1 Configure and verify switch security features

2.1.a DHCP snooping

first a word from ethan banks about the wonders of dhcp snooping, and the perils of the information option…


global configuration (from running-config):

ip dhcp snooping vlan 300
ip dhcp snooping

note: I added the command:

ip dhcp snooping information option

but it didn’t show up in the running config (it is the default). see above link.

set the trusted port (interface configuration, here under int f0/21):

ip dhcp snooping trust

there is little configuration to set on the untrusted ports; however, as ethan suggests, you might want to rate limit the requests so the dhcp server doesn’t get bombarded:

[figure: sw dhcp snoop int]

the rate in the figure is in packets per second (pps), which would be 600 a minute.

note below: i have configured int f0/21 as the trusted port, which is connected to the dhcp server. also note the criteria that snooping imposes, i.e. ingress port, vlan, mac address.

[figure: switch sh dhcp snoop]
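
an added example (not part of the original notes, and not cisco code): a simplified python model of the checks dhcp snooping applies per packet, covering the trusted/untrusted split, the rate limit, and the binding criteria of ingress port, vlan and mac address. assumptions: the 10 pps limit is inferred from "600 a minute", and the client ports (Fa0/1, Fa0/5, Fa0/7), mac addresses and ip addresses are constructed sample values; only vlan 300 and trusted port Fa0/21 come from the notes.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a dhcp server should send these

@dataclass
class Snooper:
    trusted: set                # ports facing the dhcp server, e.g. {"Fa0/21"}
    vlans: set                  # vlans with snooping enabled, e.g. {300}
    limit_pps: int = 10         # assumed limit on untrusted ports (600 a minute)
    bindings: dict = field(default_factory=dict)  # (mac, vlan) -> (ip, port)
    pending: dict = field(default_factory=dict)   # (mac, vlan) -> client port
    counts: dict = field(default_factory=dict)    # (port, second) -> packets seen
    errdisabled: set = field(default_factory=set)

    def handle(self, t, port, vlan, msg, src_mac, chaddr, ip=None):
        if vlan not in self.vlans:
            return "forward"                      # snooping is off for this vlan
        if port in self.errdisabled:
            return "drop: port err-disabled"
        key = (chaddr, vlan)
        if port in self.trusted:
            if msg == "ACK" and key in self.pending:   # learn the binding
                self.bindings[key] = (ip, self.pending.pop(key))
            return "forward"
        slot = (port, int(t))                     # one-second counting window
        self.counts[slot] = self.counts.get(slot, 0) + 1
        if self.counts[slot] > self.limit_pps:    # over the limit: shut the port
            self.errdisabled.add(port)
            return "drop: rate limit exceeded"
        if msg in SERVER_MSGS:
            return "drop: server message on untrusted port"
        if src_mac != chaddr:
            return "drop: source mac does not match chaddr"
        bound = self.bindings.get(key)
        if msg in {"RELEASE", "DECLINE"} and bound and bound[1] != port:
            return "drop: binding belongs to another port"
        if msg in {"DISCOVER", "REQUEST"}:
            self.pending[key] = port              # remember where the client sits
        return "forward"

def demo():
    sw, pc = Snooper(trusted={"Fa0/21"}, vlans={300}), "aaaa.aaaa.aaaa"  # constructed
    out = [sw.handle(0.0, "Fa0/1", 300, "DISCOVER", pc, pc),
           sw.handle(0.1, "Fa0/5", 300, "OFFER", "bbbb.bbbb.bbbb", pc, "10.9.9.9"),
           sw.handle(0.2, "Fa0/1", 300, "REQUEST", pc, pc),
           sw.handle(0.3, "Fa0/21", 300, "ACK", "cccc.cccc.cccc", pc, "10.0.0.5"),
           sw.handle(0.4, "Fa0/5", 300, "RELEASE", pc, pc)]
    flood = [sw.handle(2.0, "Fa0/7", 300, "DISCOVER", pc, pc) for _ in range(11)]
    return out, flood[-1], sw
```

`demo()` returns the verdicts for a normal lease on Fa0/1, a server reply and a spoofed release arriving on untrusted Fa0/5, and the 11th packet of a one-second burst on Fa0/7.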