Posted on August 26, 2021 9:02 pm
 |  Asked by Mahendra Rambarran
 |  80 views
0
0
Print Friendly, PDF & Email

Hello,

How do you implement DHCP Snooping on Arista switches? Is DHCP Snooping only supported on certain switch models?

From what I read, to implement, you issue the following

ip dhcp snooping
ip dhcp snooping vlan number
ip dhcp snooping information option
Under the corresponding vlan – specify ip helper-address x.x.x.x

How does the switch know which port is the trusted port for Offer and ACK messages?

Thanks!

-M

0
Answered on August 27, 2021 10:29 am

Hi Mahendra,

Thanks for reaching out.

DHCP snooping is disabled by default:
switch(conf)#show ip dhcp snooping
DHCP Snooping is disabled

To enable DHCP snooping globally, you need to issue 'ip dhcp snooping' command:
switch(config)#ip dhcp snooping

 

Also please refer to the platform compatibility section in the below doc to find the platform models that support DHCP snooping:

https://eos.arista.com/eos-4-25-2f/dhcp-snooping/

To enable DHCP snooping on specific Vlans, you can utilize the 'ip dhcp snooping vlan 10, 20' command:
switch(config)#ip dhcp snooping vlan 10, 20

switch(config)#ip dhcp snooping information option
switch(config)#sh ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is not operational
DHCP Snooping is configured on following VLANs:
10,20
DHCP Snooping is operational on following VLANs:
None
Insertion of Option-82 is enabled
Circuit-id sub-option Type: 0
Circuit-id format: Interface name:Vlan ID
Remote-id: 28:99:3a:b2:1f:c7 (Switch MAC)

Yes your configuration looks good.

Currently, we do not have support to configure DHCP snooping port trust feature. We have an existing RFE tracking this feature.

 

IP locking feature may be something worth looking into. It does require support for leasequery (rfc4388).
Here is a reference about the feature:

https://eos.arista.com/eos-4-23-2f/ip-locking-release-updates/

https://www.arista.com/en/um-eos/eos-ip-locking

 

Thanks,

Bhavana.

Post your Answer

You must be logged in to post an answer.