Hello Mark,

By default, *ip dhcp snooping information option* is enabled when one turns on DHCP snooping on a switch. Now, the issue with that: although the switch here is NOT acting as a DHCP relay, it still inserts the Option-82 field in the DHCP requests that it receives and sends it over to the DHCP server. In this case, since the switch is NOT acting as a relay, it will not modify the "giaddr" field that is present in the DHCP packet. This field is meant only for DHCP relays to modify.

Suppose now you have an aggregation switch sitting in between our earlier switch and the DHCP server. If the aggregation switch has DHCP snooping enabled and it receives a DHCP packet with the Option-82 field set and with a GiADDR of 0.0.0.0 on an untrusted interface, it will drop that packet. This, I think, is because the aggregation switch expects some non-zero IP in the giaddr field.

So, to prevent this:

1) We can disable Option-82 information addition by the remote switch. This is done using *no ip dhcp snooping information option*. This way, the chances of the DHCP packet getting dropped on its way to the DHCP server are less.

2) If we really want the Option-82 information to be present in the DHCP requests (assuming that the DHCP server also supports Option-82 based IP address allocation), then we can configure the aggregation switch to allow packets with a GiAddr of 0.0.0.0 by using *ip dhcp snooping information option allow-untrusted*. Now the aggregation switch also learns about the DHCP bindings. But this is not advisable because this could lead to the aggregation switch accepting packets with spoofed Option-82 fields.

Cheers,
TacACK
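
The check described in the message above, as an added Python example that is not part of the original post and is not Cisco's implementation: it parses a raw DHCP payload, reads giaddr and Option 82, and returns the verdict the post attributes to the aggregation switch. The names `parse_dhcp`, `snooping_verdict` and `build_discover` and all sample bytes are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255

def parse_dhcp(payload):
    """Return (giaddr, {option code: value}) from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    giaddr = ipaddress.IPv4Address(payload[24:28])  # giaddr sits at offset 24
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:  # single-byte pad, no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return giaddr, options

def snooping_verdict(payload, port_trusted, allow_untrusted=False):
    """Model of the aggregation switch's decision as the post describes it."""
    giaddr, options = parse_dhcp(payload)
    if port_trusted or OPT_RELAY_AGENT_INFO not in options:
        return "forward"
    if int(giaddr) != 0:
        return "not-covered"  # the post only discusses giaddr 0.0.0.0
    # Untrusted port, Option 82 present, giaddr 0.0.0.0
    return "forward" if allow_untrusted else "drop"

def build_discover(opt82=None, giaddr="0.0.0.0"):
    """Constructed sample: minimal DHCPDISCOVER, optionally with Option 82."""
    fixed = bytearray(236)
    fixed[0:4] = bytes([1, 1, 6, 0])  # BOOTREQUEST, Ethernet, hlen 6, hops 0
    fixed[24:28] = ipaddress.IPv4Address(giaddr).packed
    fixed[28:34] = bytes.fromhex("020000000001")  # constructed client MAC
    opts = bytes([53, 1, 1])  # option 53 = DHCPDISCOVER
    if opt82 is not None:
        opts += bytes([OPT_RELAY_AGENT_INFO, len(opt82)]) + opt82
    return bytes(fixed) + MAGIC_COOKIE + opts + bytes([OPT_END])

# Constructed Option 82 value: sub-option 1 (circuit ID) with 4 sample bytes
OPT82 = bytes([1, 4]) + b"Gi01"

if __name__ == "__main__":
    for allow in (False, True):
        print("allow-untrusted =", allow, "->",
              snooping_verdict(build_discover(OPT82), False, allow))
```

Option 82 is parsed here as ordinary option bytes, so with `allow_untrusted=True` the model forwards it whether the access switch inserted it or a host supplied it, which is the spoofing concern raised in point 2.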
