Dynamic Host Configuration Protocol (DHCP) is a service that runs at the application layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack to dynamically assign IP addresses to DHCP clients, and to allocate TCP/IP configuration information to DHCP clients. DHCP snooping is a security feature which acts as a firewall between untrusted hosts and trusted DHCP servers.
DHCP snooping prevents false DHCP responses and monitors clients. It can prevent man-in-the-middle attacks and authenticate host devices. The DHCP snooping binding database is also used by IP source guard and Address Resolution Protocol (ARP) inspection. In Layer 3 switches, DHCP relay and snooping can be enabled on any interface with an IP address and on Virtual Local Area Networks (VLANs) with or without an IP address.
This article provides instructions on how to configure the DHCP Properties page on a switch, which is also where DHCP Snooping and DHCP Relay are configured.
Step 1. Log in to the web-based utility of your switch then choose Advanced in the Display Mode drop-down list.
Step 2. Choose IP Configuration > IPv4 Management and Interfaces > DHCP Snooping/Relay > Properties.
Note: Menu options may vary depending on the device model. In this example, SG350X-48MP is used.
Step 3. (Optional) Check the Enable Option 82 check box to insert Option 82 information into packets. This feature is disabled by default.
Note: DHCP messages are broadcast messages, which cannot cross from one network to another. DHCP relay forwards the broadcast messages to a different network. It also adds Option 82 to provide additional information about the client to the routing network. Option 82 is not needed when DHCP relay is enabled. However, if you use an external agent to do DHCP relay, Option 82 needs to be enabled (Transparent DHCP relay). Option 82 helps the router to choose the client from the network pool.
Step 4. (Optional) Check the Enable DHCP Relay check box to enable the DHCP relay feature. This feature is disabled by default.
Step 5. In the DHCP Snooping area, check the Enable DHCP Snooping Status check box to enable DHCP Snooping. This feature is disabled by default.
Step 6. (Optional) Check the Enable Option 82 Pass Through check box to allow packets from an untrusted source that carry Option 82 information to be forwarded. Packets from trusted interfaces are always forwarded. This option can only be configured if DHCP Snooping is enabled.
Step 7. (Optional) Make sure the Enable Verify MAC Address check box is checked so that the device verifies that the source Media Access Control (MAC) address in the Layer 2 header matches the client hardware address. This option is enabled by default.
Step 8. (Optional) Check the Enable Backup Database check box to back up the DHCP Snooping Binding database on the flash memory of the device. This option can only be configured if DHCP Snooping is enabled.
Step 9. Click Apply to apply the settings to the running configuration file.
Step 10. (Optional) Click Save to save settings to the startup configuration file.
You should now have enabled the DHCP Snooping and Relay settings on the switch.
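The checks that Steps 5 to 7 turn on for untrusted ports can be modelled in a few lines. This is an added example, not Cisco's code or the switch's firmware: the function names, the order of the checks, the sample MAC address and the constructed frames are assumptions made for illustration.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
SERVER_TYPES = {2, 5, 6}  # DHCPOFFER, DHCPACK, DHCPNAK

def parse_dhcp(frame):
    """Return (eth_src, chaddr, options) from an untagged Ethernet/IPv4/UDP frame."""
    eth_src = frame[6:12]
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    bootp = frame[14 + ihl + 8:]             # skip Ethernet, IP and UDP headers
    if bootp[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    chaddr = bootp[28:28 + bootp[2]]         # bootp[2] is hlen (6 for Ethernet)
    opts, i = {}, 240
    while i < len(bootp) and bootp[i] != 255:  # 255 = end option
        if bootp[i] == 0:                    # pad option has no length byte
            i += 1
            continue
        length = bootp[i + 1]
        opts[bootp[i]] = bootp[i + 2:i + 2 + length]
        i += 2 + length
    return eth_src, chaddr, opts

def snoop(frame, trusted, verify_mac=True, opt82_pass_through=False):
    """Simplified model of the decision for one DHCP frame; check order is assumed."""
    if trusted:
        return "forward"                     # trusted interfaces are always forwarded
    eth_src, chaddr, opts = parse_dhcp(frame)
    if (opts.get(53) or b"\x00")[0] in SERVER_TYPES:
        return "drop: server reply on untrusted port"
    if 82 in opts and not opt82_pass_through:
        return "drop: option 82 on untrusted port"
    if verify_mac and eth_src != chaddr:
        return "drop: source MAC differs from chaddr"
    return "forward"

def build_frame(eth_src, chaddr, msg_type, opt82=None):
    """Constructed sample frame (checksums left at zero, which the parser ignores)."""
    opts = bytes([53, 1, msg_type])
    if opt82 is not None:
        opts += bytes([82, len(opt82)]) + opt82
    bootp = (struct.pack("!BBBB", 1, 1, 6, 0) + bytes(24) + chaddr.ljust(16, b"\0")
             + bytes(192) + DHCP_MAGIC + opts + b"\xff")
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip

HOST = bytes.fromhex("0011223344aa")         # constructed client MAC
```

Calling `snoop(build_frame(HOST, HOST, 1), trusted=False)` returns `"forward"`, while the same DISCOVER with a different `chaddr` is dropped unless `verify_mac=False`.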
The DHCP server assigns IP addresses and maintains a database of them. Typically, the DHCP server is a router.
Step 1. In the DHCP Relay Server Table, click Add to define a DHCP server.
Step 2. The IP version is displayed in the IP Version area automatically. Enter the IP address of the DHCP server in the DHCP Server IP Address field.
Note: In this example, 192.168.1.1 is used.
Step 3. Click Apply then click Close. The settings are written to the running configuration file.
Step 4. (Optional) Click Save to save settings to the startup configuration file.
You should now have successfully added a DHCP Server to the DHCP Relay Server Table.
Step 1. In the DHCP Relay Server Table, check the box next to the DHCP server IP address you would like to delete.
Step 2. Click the Delete button to delete the server.
Step 3. (Optional) Click Save to save settings to the startup configuration file.
The DHCP server should now have been deleted from your switch.
You should now have configured the DHCP Snooping and Relay settings on your switch.