CHAPTER 18
Configuring DHCP Features
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping and
the option-82 data insertion features on the Catalyst 3560 switch.
For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release, and refer to the “IP Addressing and Services” section in the Cisco IOS IP and
IP Routing Command Reference for Release 12.1.
This chapter consists of these sections:
• Understanding DHCP Features
• Configuring DHCP Features
• Displaying DHCP Information
Understanding DHCP Features
DHCP is widely used in LAN environments to dynamically assign host IP addresses from a centralized
server, which significantly reduces the administrative overhead of managing IP addresses. DHCP also helps
conserve the limited IP address space because IP addresses no longer need to be permanently assigned
to hosts; only those hosts that are connected to the network consume IP addresses.
DHCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP
messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a
message that is received from outside the network or firewall that can cause traffic attacks within your
The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type,
VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch;
it does not contain information regarding hosts interconnected with a trusted interface. An untrusted
interface is an interface that is configured to receive messages from outside the network or firewall. A
trusted interface is an interface that is configured to receive only messages from within the network.
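The following added example (not Cisco code and not part of the original chapter) is a simplified Python model of how a snooping switch filters DHCP messages by port trust and maintains the binding table described above. The class and function names, port names, and MAC and IP values are constructed for illustration; the drop rules (server replies on untrusted ports, source MAC and client hardware address mismatch, release from a port that does not own the lease) are assumed here as standard DHCP snooping behavior and are not stated on this page.

```python
from collections import namedtuple

# Fields follow the binding table contents listed in the text above.
Binding = namedtuple("Binding", "mac ip lease_secs binding_type vlan interface")
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # messages only a DHCP server sends

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}   # client MAC -> (vlan, untrusted port) of its REQUEST
        self.bindings = {}  # client MAC -> Binding

    def receive(self, port, vlan, msg_type, client_mac, src_mac=None,
                ip=None, lease_secs=0):
        """Return 'forward' or 'drop' for one DHCP message."""
        if port not in self.trusted:
            if msg_type in SERVER_MSGS:
                return "drop"        # server reply arriving on an untrusted port
            if src_mac is not None and src_mac != client_mac:
                return "drop"        # Ethernet source MAC differs from chaddr
            if msg_type == "RELEASE":
                b = self.bindings.get(client_mac)
                if b and (b.interface, b.vlan) != (port, vlan):
                    return "drop"    # release from a port that does not own the lease
                self.bindings.pop(client_mac, None)
            elif msg_type == "REQUEST":
                self.pending[client_mac] = (vlan, port)
            return "forward"
        # Trusted port: record a binding only for clients seen on untrusted ports.
        if msg_type == "ACK" and client_mac in self.pending:
            v, p = self.pending.pop(client_mac)
            self.bindings[client_mac] = Binding(client_mac, ip, lease_secs,
                                                "dhcp-snooping", v, p)
        return "forward"

def demo():
    """Constructed scenario: uplink Gi0/1 trusted, access ports untrusted."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    mac = "00:11:22:33:44:55"  # constructed client MAC
    results = [
        sw.receive("Fa0/5", 10, "REQUEST", mac),                 # real client
        sw.receive("Fa0/7", 10, "OFFER", mac),                   # rogue server
        sw.receive("Gi0/1", 10, "ACK", mac, ip="10.0.10.20", lease_secs=86400),
        sw.receive("Fa0/7", 10, "RELEASE", mac),                 # spoofed release
    ]
    return results, sw.bindings
```

Calling demo() returns the per-message verdicts and the resulting binding table, in which the only entry is tied to the untrusted port Fa0/5 where the client's request arrived.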
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way
to differentiate between untrusted