The following configuration creates two ports, a client-facing port and a server-facing port. Here, an untrusted DHCP snooping
profile is assigned to the client bridge port and trusted DHCP snooping profile is assigned to the server bridge port. And,
an untrusted DHCP snooping profile is assigned to the bridge domain and trusted DHCP snooping profiles are assigned to server
bridge ports.
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
/* Configures an untrusted DHCP snooping profile for the client port */
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile untrustedClientProfile snoop
RP/0/RSP0/CPU0:router(config-dhcpv4)# commit
RP/0/RSP0/CPU0:router(config-dhcpv4)# exit */
/* Enables DHCP for IPv4 and enters DHCP IPv4 profile configuration mode
RP/0/RSP0/CPU0:router(config)# dhcp ipv4 */
/* Configures a trusted DHCP snooping profile for the server port */
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile trustedServerProfile snoop
/* Configures a DHCP snoop profile to be trusted
RP/0/RSP0/CPU0:router(config-dhcv4)# trusted */
RP/0/RSP0/CPU0:router(config-dhcv4)# commit
RP/0/RSP0/CPU0:router(config-dhcv4)# exit
RP/0/RSP0/CPU0:router(config)# l2vpn
/* Creates a bridge group to contain bridge domains and enters l2vpn bridge group configuration submode */
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group ccc
/* Establishes a bridge domain */
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain ddd
/* Identifies an interface */
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface TenGigE0/2/0/4/1.1
/* Attaches a trusted DHCP snoop profile to the bridge domain */
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# dhcp ipv4 snoop profile trustedServerProfile
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# exit
/* Identifies an interface */
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface HundredGigE0/1/0/8.1
/* Attaches a trusted DHCP snoop profile to the bridge domain */
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# dhcp ipv4 snoop profile UnTrustedServerProfile
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# exit
RP/0/RSP0/CPU0:router(config-l2vpn)# exit
Running Configuration
RP/0/RSP0/CPU0:router(config)# show running config
dhcp ipv4
profile UnTrustedClientProfile snoop
!
dhcp ipv4
profile trustedServerProfile snoop
trusted
!
l2vpn
bridge group ccc
bridge-domain ddd
interface TenGigE0/2/0/4/1.1
dhcp ipv4 snoop profile trustedServerProfile
!
interface HundredGigE0/1/0/8.1
dhcp ipv4 snoop profile UnTrustedServerProfile
!
!
!
Verification
RP/0/RSP0/CPU0:router# show l2vpn forwarding detail location gigabitethernet 0/1/0/0
Bridge-domain name: bg1:bd1, id: 0, state: up
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
Security: disabled
DHCPv4 snooping: enabled
IGMP snooping: disabled, flooding: disabled
Bridge MTU: 1500 bytes
Number of bridge ports: 1
Number of MAC addresses: 0
Multi-spanning tree instance: 0
GigabitEthernet0/1/0/0, state: oper up
Number of MAC: 0
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
RP/0/RP0/CPU0:ios# show dhcp ipv4 snoop profile name trustedServerProfile
DHCP Ipv4 Snoop Profile trustedServerProfile:
Information Option: Disabled
Information Option Allow Untrusted: Disabled
Information Option Policy: Replace
Trusted: Enabled
Bridge References:
Interface References:
TenGigE0/2/0/4/1.1
RP/0/RP0/CPU0:ios# show dhcp ipv4 snoop profile name UnTrustedServerProfile
DHCP Ipv4 Snoop Profile UnTrustedServerProfile:
Information Option: Disabled
Information Option Allow Untrusted: Disabled
Information Option Policy: Replace
Trusted: Disabled
Bridge References:
Interface References:
HundredGigE0/1/0/8.1