Topology
At this example, we will configure 3 DHCP IP pools on the DHCP server. (DHCP server of Linux-mint)
1. Range 10.1.1.100 ~ 10.1.1.200, mask 255.255.255.0
2. Range 10.1.2.100 ~ 10.1.2.200, mask 255.255.255.0
3. Range 10.1.3.100 ~ 10.1.3.200, mask 255.255.255.0
Before set those rules on the DHCP server, you should know what you want to filter. At this example we will use Circuit ID as filter conditions.
Linux-mint DHCP server configuration:
vi /etc/dhcp/dhcpd.cfg
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers 8.8.8.8; #DNS server
# Here will use last two bits of circuit-id as filter condition.
class 'keep1'{
match if(substring(option agent.circuit-id,4,2)=01:01);
} # When PC-1 insert SwitchB E 1/1.
class 'keep2'{
match if(substring(option agent.circuit-id,4,2)=01:02);
} # When NB-1 insert SwitchB E 1/2.
class 'replace'{
match if(substring(option agent.circuit-id,4,2)=01:0B);
} # Replace will be change to SwitchA circuit-id.
#Set the pools on DHCP server.
shared-network group{
subnet 10.1.0.0 netmask 255.255.0.0{
pool {
allow members of 'keep1';
range 10.1.1.100 10.1.1.200;
option subnet-mask 255.255.255.0;
}
pool {
allow members of 'keep2'
range 10.1.2.100 10.1.2.200;
option subnet-mask 255.255.255.0;
}
pool {
allow members of 'replace';
range 10.1.0.100 10.1.0.200;
option subnet-mask 255.255.255.0;
}
}
}Now we already finish the settings on the DHCP server.
Here we want configure DHCP option 82 at the switches:
Example 1:
If we want to let PC-1 and NB-1 get IP from the DHCP pools "keep1" and "keep2", we should let SwitchA keep the SwitchB DHCP option 82.
SwitchA setting
Step-1: Enable ip dhcp snooping with DHCP option 82
switchA#config switchA(config)#ip dhcp snooping switchA(config)#ip dhcp snooping vlan 1 switchA(config)#ip dhcp snooping information option switchA(config)#interface ethernet 1/1 switchA(config-if)#ip dhcp snooping trust
Step-2: Set the policy as "keep"
switchA(config)#ip dhcp snooping information policy keep
SwitchB setting
Step-1: Enable ip dhcp snooping globally
switchB#config switchB(config)#ip dhcp snooping
Step-2: Enable ip dhcp snooping on vlan 1
switchB(config)#ip dhcp snooping vlan 1
Step-3: Enable ip dhcp snooping with DHCP option 82
switchB(config)#ip dhcp snooping information option
Step-4: Set trust port on port 11
switchB(config)#interface ethernet 1/11 switchB(config-if)#ip dhcp snooping trust
Result
NB-1: DHCP Discover take the option 82 "Circuit ID: 000400010101".
NB-1: So it can get IP "10.1.1.120" from DHCP pool "keep1"
PC-1: DHCP Discover take the option 82 "Circuit ID: 000400010102".
PC-1: So it can get IP "10.1.2.105" from DHCP pool "keep2"
Example 2:
If we want to let PC-1 and NB-1 get ip from the DHCP pools "replace", we should let SwitchA replace the SwitchB DHCP option 82.
SwitchA setting
Step-1: Enable ip dhcp snooping with DHCP option 82
switchA#config switchA(config)#ip dhcp snooping switchA(config)#ip dhcp snooping vlan 1 switchA(config)#ip dhcp snooping information option switchA(config)#interface ethernet 1/1 switchA(config-if)#ip dhcp snooping trust
Step-2: Set the policy as "replace"
switchA(config)#ip dhcp snooping information policy replace
SwitchB setting
Step-1: Enable ip dhcp snooping globally
switchB#config switchB(config)#ip dhcp snooping
Step-2: Enable ip dhcp snooping on vlan 1
switchB(config)#ip dhcp snooping vlan 1
Step-3: Enable ip dhcp snooping with DHCP option 82
switchB(config)#ip dhcp snooping information option
Step-4: Set trust port on port 11
switchB(config)#interface ethernet 1/11 switchB(config-if)#ip dhcp snooping trust
Result
NB-1: DHCP Discover take the option 82 "Circuit ID: 00040001010b".
NB-1: So it can get IP "10.1.3.102" from DHCP pool "replace"
PC-1: DHCP Discover take the option 82 "Circuit ID: 00040001010b".
PC-1: So it can get IP "10.1.3.101" from DHCP pool "replace"
Notes:
If you only have one switch that don't need to set "ip dhcp snooping information policy".
Prev Page How to set ERPS sub ring at ES3528MV2 if we want to use two ERPS ring in the network ?