6 dhcp snooping information option allow-untrusted – CANOGA PERKINS CanogaOS Command Reference User Manual

Page 703

background image

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 703 of 855

show dhcp snooping config
show dhcp snooping binding

36.6 dhcp snooping information option allow-untrusted

Use the dhcp snooping information option allow-untrusted global configuration command on an
aggregation switch to configure it to accept DHCP packets with option-82 information that are received
on untrusted ports that might be connected to an edge switch. Use the no form of this command to
return to the default setting.


Command Syntax

dhcp snooping information option allow-untrusted
no dhcp snooping information option allow-untrusted

Default

The switch drops DHCP packets with option-82 information that are received on untrusted ports that
might be connected to an edge switch.


Command Mode

Global configuration


Usage

You might want an edge switch to which a host is connected to insert DHCP option-82 information at
the edge of your network. You might also want to enable DHCP security features, such as DHCP
snooping, IP source guard, or dynamic Address Resolution Protocol (ARP) inspection, on an
aggregation switch. However, if DHCP snooping is enabled on the aggregation switch, the switch
drops packets with option-82 information that are received on an untrusted port and does not learn
DHCP snooping bindings for connected devices on a trusted interface.
If the edge switch to which a host is connected inserts option-82 information and you want to use
DHCP snooping on an aggregation switch, enter the dhcp snooping information option
allow-untrusted command on the aggregation switch. The aggregation switch can learn the bindings
for a host even though the aggregation switch receives DHCP snooping packets on an untrusted port.
You can also enable DHCP security features on the aggregation switch. The port on the edge switch to
which the aggregation switch is connected must be configured as a trusted port.


Examples

This example shows how to configure an access switch to not check the option-82 information in
untrusted packets from an edge switch and to accept the packets:
Switch(config)# dhcp snooping information option allow-untrusted


Related Commands

show dhcp snooping config

See also other documents in the category CANOGA PERKINS Computer hardware: