6 dhcp snooping information option allow-untrusted – CANOGA PERKINS 9175 Command Reference User Manual
CanogaOS Command Reference
36.6 dhcp snooping information option allow-untrusted
Use the dhcp snooping information option allow-untrusted global configuration command on an
aggregation switch to configure it to accept DHCP packets with option-82 information that are received
on untrusted ports that might be connected to an edge switch. Use the no form of this command to
return to the default setting.
Command Syntax
dhcp snooping information option allow-untrusted
no dhcp snooping information option allow-untrusted
Default
The switch drops DHCP packets with option-82 information that are received on untrusted ports that
might be connected to an edge switch.
Command Mode
Global configuration
Usage
You might want an edge switch to which a host is connected to insert DHCP option-82 information at the
edge of your network. You might also want to enable DHCP security features, such as DHCP snooping,
IP source guard, or dynamic Address Resolution Protocol (ARP) inspection, on an aggregation switch.
However, if DHCP snooping is enabled on the aggregation switch, the switch drops packets with
option-82 information that are received on an untrusted port and does not learn DHCP snooping
bindings for connected devices on a trusted interface.
If the edge switch to which a host is connected inserts option-82 information and you want to use DHCP
snooping on an aggregation switch, enter the dhcp snooping information option allow-untrusted
command on the aggregation switch. The aggregation switch can learn the bindings for a host even
though the aggregation switch receives DHCP snooping packets on an untrusted port. You can also
enable DHCP security features on the aggregation switch. The port on the edge switch to which the
aggregation switch is connected must be configured as a trusted port.
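The drop/accept rule described above, modelled as an added Python example (not CanogaOS code and not from the vendor manual): it walks the DHCP options field for option 82 and applies the default and allow-untrusted behaviours. The function names, the constructed sample circuit and remote IDs, and the choice to drop malformed messages are assumptions.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: precedes the options field
PAD, RELAY_AGENT_INFO, END = 0, 82, 255


def walk_tlv(buf, dhcp_rules):
    """Yield (code, value) pairs; dhcp_rules enables pad (0) and end (255)."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_rules and code == END:
            return
        if dhcp_rules and code == PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        yield code, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]


def find_option82(dhcp):
    """Return option-82 sub-options as {code: bytes}, or None if absent."""
    if len(dhcp) < 240 or dhcp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    for code, value in walk_tlv(dhcp[240:], True):
        if code == RELAY_AGENT_INFO:
            return dict(walk_tlv(value, False))
    return None


def snooping_verdict(dhcp, port_trusted, allow_untrusted=False):
    """Model of the drop/accept rule described on this page."""
    try:
        has_opt82 = find_option82(dhcp) is not None
    except ValueError:
        return "drop"          # assumption: malformed messages are dropped
    if has_opt82 and not port_trusted and not allow_untrusted:
        return "drop"          # default behaviour on an untrusted port
    return "accept"


def build_discover(opt82=None):
    """Constructed sample: minimal DHCPDISCOVER, optionally with option 82."""
    msg = bytes([1, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + bytes([53, 1, 1])
    if opt82 is not None:
        msg += bytes([RELAY_AGENT_INFO, len(opt82)]) + opt82
    return msg + bytes([END])


# Constructed sub-options: circuit ID (1) and remote ID (2) from an edge switch.
SAMPLE_OPT82 = bytes([1, 4]) + b"Gi01" + bytes([2, 6]) + bytes.fromhex("020000000001")
```

With `allow_untrusted=True` the model accepts the sub-options without checking them, so the circuit and remote IDs are only as reliable as the device attached to that untrusted port.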
Examples
This example shows how to configure an access switch to not check the option-82 information in
untrusted packets from an edge switch and to accept the packets:
Switch(config)# dhcp snooping information option allow-untrusted
Related Commands
show dhcp snooping config
show dhcp snooping binding