Example: Configuring basic DHCP snooping features for a VLAN

Network configuration

As shown in Figure 34, Switch B is connected to the authorized DHCP server through Ten-GigabitEthernet 1/0/1, to the unauthorized DHCP server through Ten-GigabitEthernet 1/0/3, and to the DHCP client through Ten-GigabitEthernet 1/0/2.

Configure Switch B so that, in VLAN 100, only the port connected to the authorized DHCP server forwards responses from a DHCP server. Enable recording of clients' IP-to-MAC bindings in VLAN 100, based on the DHCP-REQUEST messages and the DHCP-ACK messages received from the trusted port.

Figure 34: Network diagram

Procedure


IMPORTANT:

By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface.


# Assign Ten-GigabitEthernet 1/0/1, Ten-GigabitEthernet 1/0/2, and Ten-GigabitEthernet 1/0/3 to VLAN 100.

<SwitchB> system-view
[SwitchB] vlan 100
[SwitchB-vlan100] port ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3
[SwitchB-vlan100] quit

# Enable DHCP snooping for VLAN 100.

[SwitchB] dhcp snooping enable vlan 100

# Configure Ten-GigabitEthernet 1/0/1 as a DHCP snooping trusted port.

[SwitchB] vlan 100
[SwitchB-vlan100] dhcp snooping trust ten-gigabitethernet 1/0/1

# Enable recording clients' IP-to-MAC bindings in VLAN 100.

[SwitchB-vlan100] dhcp snooping binding record
[SwitchB-vlan100] quit

Verifying the configuration

# Verify that the DHCP client can obtain an IP address and other configuration parameters only from the authorized DHCP server. (Details not shown.)

# Display the DHCP snooping entry recorded for the client.

[SwitchB] display dhcp snooping binding
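
The following Python sketch is an added example, not the switch's implementation or output. It is a simplified model of what the verification steps above check: server replies arriving on an untrusted port are dropped, and a binding is recorded from the client's DHCP-REQUEST together with the DHCP-ACK received on the trusted port. The class and function names, the MAC address, and the IP addresses are constructed for illustration.

```python
# Simplified model of DHCP snooping in VLAN 100 (constructed example).
# Port names follow the page; MAC and IP values are constructed.
from dataclasses import dataclass

UPLINK = "Ten-GigabitEthernet 1/0/1"   # authorized server, trusted
CLIENT = "Ten-GigabitEthernet 1/0/2"   # DHCP client, untrusted
ROGUE = "Ten-GigabitEthernet 1/0/3"    # unauthorized server, untrusted
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # messages only a DHCP server sends

@dataclass
class DhcpMsg:
    kind: str          # DISCOVER, OFFER, REQUEST, ACK or NAK
    client_mac: str    # client hardware address carried in the message
    ingress: str       # port on which the switch received the message
    yiaddr: str = ""   # address assigned to the client (server messages)

class SnoopingVlan:
    def __init__(self, vlan, trusted_ports, record_bindings=True):
        self.vlan = vlan
        self.trusted = set(trusted_ports)
        self.record = record_bindings
        self.pending = {}    # client MAC -> port where its REQUEST arrived
        self.bindings = {}   # client MAC -> (IP, VLAN, client port)

    def receive(self, msg):
        """Return True if the message is forwarded, False if dropped."""
        if msg.kind in SERVER_MSGS:
            if msg.ingress not in self.trusted:
                return False   # server reply on an untrusted port
            if msg.kind == "ACK" and self.record and msg.client_mac in self.pending:
                port = self.pending.pop(msg.client_mac)
                self.bindings[msg.client_mac] = (msg.yiaddr, self.vlan, port)
            return True
        if msg.kind == "REQUEST" and self.record:
            self.pending[msg.client_mac] = msg.ingress
        return True            # client messages are forwarded in this model

def run_demo():
    sw = SnoopingVlan(100, [UPLINK])
    mac = "0000-5e00-5301"     # constructed client MAC
    trace = [
        DhcpMsg("DISCOVER", mac, CLIENT),
        DhcpMsg("OFFER", mac, ROGUE, "192.0.2.66"),
        DhcpMsg("OFFER", mac, UPLINK, "198.51.100.10"),
        DhcpMsg("REQUEST", mac, CLIENT),
        DhcpMsg("ACK", mac, ROGUE, "192.0.2.66"),
        DhcpMsg("ACK", mac, UPLINK, "198.51.100.10"),
    ]
    return [sw.receive(m) for m in trace], sw.bindings
```

Calling run_demo() returns the per-message forwarding decisions and the binding table, which holds one entry mapping the client MAC to the address assigned by the authorized server.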