Basic DHCP Snooping Lab

One very easy thing that I wanted to review was DHCP snooping. There isn’t much to it, but it’s a good thing to review. Take a look at the lab topology. SW3 is the DHCP server that also has the SVI for vlan 2 that we are working with. We have a router hanging off of SW2 on a vlan 2 access port then. This will simulate a client PC connected to that switch. There are two steps to working with DHCP Snooping that will be covered: working on the switch the endpoint is on and the switch the DHCP server is on.

Switch 2 – Endpoint Switch

This switch wasn’t too bad. We are going to enable DHCP snooping globally and then for the specific vlan in question. Those commands look like this:

ip dhcp snooping
ip dhcp snooping vlan 2

Then, we need to make sure that DHCP replies from the uplinking trunk port are allowed, since that’s the connection to our DHCP server. That is done by using the following command on the interface config:

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int e0/0
Switch(config-if)#ip dhcp snooping trust

That will take care of SW2.

Switch 3 – SVI and DHCP Server

If you do a debug at this point on SW3 ( debug ip dhcp server packet ) you will get the following error message:

DHCPD: inconsistent relay information.
DHCPD: relay information option exists, but giaddr is zero.

There is a valid explanation for this. When DHCP Snooping is used, it adds the option 82 into DHCP messages for the receiving clients. There is a field in the message that includes an address called the GIADDR. When DHCP Snooping is used, that field has the value stripped, thus you receive the error above about it being zero. There is an easy for for this though. Simply enter the command:

Switch(config)#ip dhcp relay information trust-all

Shortly after that, you will see the switch hand out an IP address for our test client if you still have the debug running:

DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d61.6162.622e.6363.3030.2e35.3030.302d.4574.302f.30 on interface Vlan2.
DHCPD: using received relay info.
DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d61.6162.622e.6363.3030.2e35.3030.302d.4574.302f.30 (

And that’s all there is to it! You should now have a functioning DHCP Server with snooping enabled on the access switch.



Cisco CCNP, Senior Network Engineer in the Healthcare Industry. Currently working on my CCIE R&S which is the focus of most of my latest blog posts. #NFD15 Delegate.

One thought on “Basic DHCP Snooping Lab

Leave a Reply

Your email address will not be published. Required fields are marked *