Application examples
My school is a student apartment, PC owns about 1000 units. Using DHCP assigned IP address, with 4 C class addresses, the actual number of addresses available is about 1000. Because of the frequent presence of private DHCP servers in the building, a large number of hosts cannot be assigned to legitimate IP addresses, and because a significant number of hosts specify IP addresses, conflicts with DHCP-assigned IP addresses are caused. The above two aspects, all caused the apartment building a large number of hosts can not normally access the network.
After a period of analysis and experimentation, we decided to deploy DHCP snooping and dynamic ARP inspection to the apartment building to ensure the normal operation of the network.
The use of the apartment network equipment is as follows, the access layer for the XX 2950 switch to the stack of 4 3750, and then through the fiber to the convergence layer of 3750 switches. At the same time, the 3750 switch of the convergence layer is also a DHCP server.
Deployment process
The DHCP snooping is configured first by the following procedure
1 Configure terminal
2 IP DHCP snooping enable DHCP snooping in global mode
3 IP DHCP snooping VLAN 103 enables DHCP snooping in VLAN 103
4 IP DHCP snooping information option Enable the switch to insert and remove DHCP relay information (option-82 field) in fo rwarded DHCP request messages to the DHCP server. The default is enabled.
5 interface Gigabitethernet1/0/28, entering the 28th port of the switch
6 IP DHCP snooping trust to set the 28th port as trusted
7 IP DHCP snooping limit rate 500 sets the maximum number of DHCP packets handled per second
9 End Exit
After the configuration is complete, you can observe the DHCP snooping health by using the following command:
Show ip DHCP snooping
Get the following information:
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
103
Insertion of option is enabled
Verification of hwaddr field is enabled
Interface Trusted Rate Limit (PPS)
------------------------ ------- ----------------
GIGABITETHERNET1/0/22 Yes Unlimited
GIGABITETHERNET1/0/24 Yes Unlimited
GIGABITETHERNET1/0/27 Yes Unlimited
GIGABITETHERNET1/0/28 No 500
show ip DHCP snooping binding, get the following information:
MacAddress IPAddress Lease (sec) Type VLAN Interface
------------------ --------------- -----------
00:11:09:11:51:16 210.77.5.201 3209 dhcp-snooping gigabiteth
00:50:8d:63:5a:05 210.77.6.134 2466 dhcp-snooping GIGABITETHERNET1/0/28
00:e0:4c:a17:80 210.77.4.26 3070 dhcp-snooping GIGABITETHERNET1/0/28
00:0f:ea:a8:bc:22 210.77.5.198 1887 dhcp-snooping Gigabitethernet1/0/28
10:e0:8c:50:805 210.77.5.95 3034 dhcp-snooping GIGABITETHERNET1/0/28
00:03:0d:0e:9a:a5 210.77.6.230 3144 dhcp-snooping GIGABITETHERNET1/0/28
00:50:8d:6c:08:9f 210.77.4.17 3012 dhcp-snooping GIGABITETHERNET1/0/28
00:e0:50:00:0b:54 210.77.6.18 3109 dhcp-snooping GIGABITETHERNET1/0/28
00:0f:ea:13:40:54 210.77.7.7 2631 dhcp-snooping GIGABITETHERNET1/0/28
00:e0:4c:45:21:e9 210.77.7.77 2687 dhcp-snooping GIGABITETHERNET1/0/28