Test topology
Environment: DHCP server and client are in different network segments
Configuration of DHCP server
No IP routing IP dhcp pool vlan27 172.28.27.0 255.255.255.0 172.28.27.254 172.28.28.15 172.28.28.16 172.28.28.254
configuration of the L3-switch
interface Vlan27 IP DHCP relay information trusted172.28.27.254 255.255.255.0 IP helper-address 172.28.28.253
Access Switch configuration
IP DHCP snooping VLANIP dhcp snoopinginterface GigabitEthernet0/1mode trunk media- type Duplex Full no negotiation auto IP DHCP snooping trust
Description: The L3 switch here also needs to configure IP DHCP relay information trusted command (within the VLAN) or globally configure IP DHCP relay information trust-all , the original example of the previous blog is the same reason
Because the Access-switch access layer switch turns on IP DHCP snooping information option by default, At this point the access layer switch inserts the OPTION82 information into the DHCP request message from the client (see here for option82), because DHCP server and the client are in the same network segment and are not DHCP relay agents, for Cisco's DHCP In the case of a server, if a request packet with Option82 is received, it is considered a request message from a DHCP relay agent, and the Giaddr field of the message is checked, but because it belongs to the same network segment, the field is 0.0.0.0 DHCP. The server will consider an illegal address, and this message will be discarded, causing the client to obtain no IP address
(iv) Cisco DHCP snooping instance 2-multi-switch environment (DHCP server and DHCP client in different VLANs)