#format wiki
#language en
= Cisco DHCP Snooping =
 * Cisco switch listens to dhcp traffic and protects against rogue DHCP servers.
 * Links
   * http://packetpushers.net/ccnp-studies-configuring-dhcp-snooping/
 * Example - for 48 port switch with '''uplinks on 49-51''' and '''router with ip helper on 1''' and pc's in '''vlan 64'''
{{{
ip dhcp snooping 
ip dhcp snooping vlan 64     
ip dhcp snooping information option format remote-id hostname 
ip dhcp snooping database flash:dhcp-snooping-info

int range Gig 1/0/49-52 , Gig 1/0/1                            
ip dhcp snooping trust       
}}}
  * Monitor with 
{{{
sh ip dhcp snooping
sh ip dhcp snooping binding 
sh ip dhcp snooping database
}}}

 * For more security add Source Guard, limiting traffic to valid dhcp configured devices on a per port basis
   *  ip verify source vlan dhcp-snooping