You must specify the ports connected to the authorized DHCP servers as trusted to ensure that DHCP
clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client

must be in the same VLAN.

•

You can specify Layer 2 Ethernet ports and Layer 2 aggregate interfaces as trusted ports. For more
information about aggregate interfaces, see the Layer 2—LAN Switching Configuration Guide.

•

If a Layer 2 Ethernet port is added to an aggregation group, the DHCP snooping configuration of
the interface will not take effect. After the interface quits the aggregation group, the configuration

will be effective.

•

DHCP snooping can work with basic QinQ or flexible QinQ. When receiving a packet without any
VLAN tag from the DHCP client to the DHCP server, the DHCP snooping device adds a VLAN tag

to the packet. If the packet has one VLAN tag, the device adds another VLAN tag to the packet and

records the two VLAN tags in a DHCP snooping entry. The newly added VLAN tag is the outer tag.

If the packet has two VLAN tags, the device directly forwards the packet to the DHCP server without
adding any tag. If you need to add a new VLAN tag and meanwhile modify the original VLAN tag

for the packet, DHCP snooping cannot work with flexible QinQ.

Configuration procedure

Follow these steps to configure DHCP snooping basic functions:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable DHCP snooping

dhcp-snooping

Required
Disabled by default.

This manual is related to the following products:

H3C S6300 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S5820V2 Series Switches H3C S5830 Series Switches H3C S5830V2 Series Switches H3C S3600V2 Series Switches