dhcp snooping

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hello!

When configure L2 dhcp relay (dhcp snooping+trusted server), do I need also #enable bootprelay?

Thank you!
Photo of Alexandr P

Alexandr P, Embassador

  • 12,596 Points 10k badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Alexandr P

Alexandr P, Embassador

  • 12,596 Points 10k badge 2x thumb
Topology like this:
DHCP server (192.168.0.100) <-> Router (10.0.0.1) <-> (10.0.0.2) Extreme switch (vlans without IP) <-> clients in different vlans.

Thank you!
Photo of Justin Schmidt

Justin Schmidt

  • 220 Points 100 badge 2x thumb
Yes I believe you need "enable bootprelay"
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
Bootprelay will not work on the extreme switch if there are no IPs on the VLANs. you should enable the bootprelay or ip-helper address on the same device that hosts the default gateway for your clients.

I you try enabling bootprelay on another switch that does not have an ip interface on that vlan, the switch will not know where to forward the dhcp request from.
Photo of Alexandr P

Alexandr P, Embassador

  • 12,596 Points 10k badge 2x thumb
EXOS_User_Guide say:
"This section discusses DHCP/BOOTP relay operation at Layer 3. 
For information on DHCP/BOOTP relay operation at Layer 2, see DHCP Snooping and Trusted DHCP Server."
Testing is show this Clients VLAN with Ip working normally, without - BOOTPREKAY don't work.

So main question is:
Is we have Clients VLANs without IPs and uplink VLAN to router with IP, do I have to configure dhcp-snooping with bootprelay enabled or only enable dhcp-snooping?

Thank you!
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
Sorry, I misread the question and assumed you were trying to enable NAC's DHCP snooping functionality.
Switch DHCP snooping and ARP inspection should not require bootprelay as the DHCP forwarder can be at a higher level (the default gateway). So all you should need to configure is dhcp-snooping.