Using DHCP snooping with option 82
DHCP adds Option 82 (relay information option) to DHCP request packets received on untrusted ports by default. (See “Configuring DHCP Relay” in the management and configuration guide for more information on Option 82.)
DHCP snooping only overrides the Option 82 settings on a VLAN that has snooping enabled, not on VLANs without snooping enabled.
Syntax:
[no] dhcp-snooping option 82 [remote-id <mac|subnet-ip|mgmt-ip>][untrusted-policy <drop|keep|replace>]
Enables DHCP Option 82 insertion in the packet.
remote-id
Set the value used for the remote-id field of the relay information option.
    mac
    The switch MAC address is used for the remote-id. This is the default.
    subnet-ip
    The IP address of the VLAN the packet was received on is used for the remote-id. If subnet-ip is specified but the value is not set, the MAC address is used.
    mgmt-ip
    The management VLAN IP address is used as the remote-id. If mgmt-ip is specified but the value is not set, the MAC address is used.
untrusted-policy
Configures DHCP snooping behavior when forwarding a DHCP packet from an untrusted port that already contains DHCP relay information (Option 82). The default is drop.
    drop
    The packet is dropped.
    keep
    The packet is forwarded without replacing the option information.
    replace
    The existing option is replaced with a new Option 82 generated by the switch.
The default drop policy should remain in effect if there are any untrusted nodes, such as clients, directly connected to this switch.
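The remote-id selection and untrusted-policy rules above, modeled as an added Python example (not code from the switch or from this guide). The function names, the constructed sample packets, the 4-byte encoding of an IP remote-id, and the omission of the circuit-id sub-option are assumptions made for illustration.

```python
import ipaddress

OPT_RELAY_INFO = 82   # relay agent information option (RFC 3046)
SUB_REMOTE_ID = 2     # remote-id sub-option (RFC 3046)
OPT_PAD, OPT_END = 0, 255

# Constructed samples: DHCPDISCOVER option fields without / with a client-supplied Option 82.
SWITCH_MAC = bytes.fromhex("001122334455")
CLEAN = bytes([53, 1, 1, 255])
FORGED = bytes([53, 1, 1, 82, 8, 2, 6]) + bytes.fromhex("deadbeef0001") + bytes([255])

def parse_options(raw):
    """Split a DHCP options field (after the magic cookie) into (code, value) pairs."""
    opts, i = [], 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        length = raw[i + 1]
        opts.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return opts

def build_options(opts):
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([OPT_END])

def remote_id(mode, switch_mac, vlan_ip=None, mgmt_ip=None):
    """Pick the remote-id per the documented rules; an unset IP falls back to the MAC."""
    ip = {"mac": None, "subnet-ip": vlan_ip, "mgmt-ip": mgmt_ip}[mode]
    return ipaddress.IPv4Address(ip).packed if ip else switch_mac

def snoop_untrusted(raw, policy, rid):
    """Return the options forwarded from an untrusted port, or None if the packet is dropped."""
    opts = parse_options(raw)
    ours = (OPT_RELAY_INFO, bytes([SUB_REMOTE_ID, len(rid)]) + rid)
    if not any(c == OPT_RELAY_INFO for c, _ in opts):
        return build_options(opts + [ours])      # normal Option 82 insertion
    if policy == "drop":
        return None                              # default: client-supplied Option 82 is rejected
    if policy == "keep":
        return build_options(opts)               # forwarded with the existing option untouched
    if policy == "replace":
        return build_options([o for o in opts if o[0] != OPT_RELAY_INFO] + [ours])
    raise ValueError(f"unknown untrusted-policy: {policy}")
```

With keep, the client-chosen remote-id bytes reach the DHCP server unchanged, which is why the guide recommends leaving drop in effect where clients connect directly.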