HP Cisco Catalyst Blade Switch 3020 Cisco Catalyst Blade Switch 3020 for HP Co - Page 133
ip dhcp snooping information option allow-untrusted
View all HP Cisco Catalyst Blade Switch 3020 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 133 highlights
Chapter 2 Cisco Catalyst Blade Switch 3020 for HP Cisco IOS Commands ip dhcp snooping information option allow-untrusted ip dhcp snooping information option allow-untrusted Use the ip dhcp snooping information option allow-untrusted global configuration command on an aggregation switch to configure it to accept DHCP packets with option-82 information that are received on untrusted ports that might be connected to an edge switch. Use the no form of this command to return to the default setting. ip dhcp snooping information option allow-untrusted no ip dhcp snooping information option allow-untrusted Syntax Description This command has no arguments or keywords. Defaults The switch drops DHCP packets with option-82 information that are received on untrusted ports that might be connected to an edge switch. Command Modes Global configuration Command History Release 12.2(25)SEF Modification This command was introduced. Usage Guidelines You might want an edge switch to which a host is connected to insert DHCP option-82 information at the edge of your network. You might also want to enable DHCP security features, such as DHCP snooping, on an aggregation switch. However, if DHCP snooping is enabled on the aggregation switch, the switch drops packets with option-82 information that are received on an untrusted port and does not learn DHCP snooping bindings for connected devices on a trusted interface. If the edge switch to which a host is connected inserts option-82 information and you want to use DHCP snooping on an aggregation switch, enter the ip dhcp snooping information option allow-untrusted command on the aggregation switch. The aggregation switch can learn the bindings for a host even though the aggregation switch receives DHCP snooping packets on an untrusted port. You can also enable DHCP security features on the aggregation switch. The port on the edge switch to which the aggregation switch is connected must be configured as a trusted port. Note Do not enter the ip dhcp snooping information option allow-untrusted command on an aggregation switch to which an untrusted device is connected. If you enter this command, an untrusted device might spoof the option-82 information. OL-8916-01 Cisco Catalyst Blade Switch 3020 for HP Command Reference 2-105