
ip dhcp snooping


MTandSAV

MIS
Jan 29, 2004
166
NL
Hi,
I've been trying to get this working on 3750's, but no luck so far. I want this enabled so that hosts won't be able to connect to rogue DHCP servers.

After enabling snooping globally and for the VLANs, the hosts don't get an IP address anymore. I've trusted the trunk ports towards the DHCP server, but that doesn't help.
If I trust all ports, they do get an IP address, but then I won't block the rogue DHCP servers.
Has anyone seen this before, or have an idea?
Thanks,

CCNA, CCNP..partly ;)
 
When you enable DHCP Snooping there is a feature called 'Option 82' that is also enabled. This is not supported in Microsoft's DHCP Server, it is more of a Service Provider thing to tell the DHCP Server the physical switch port the DHCP Client is connected to. What happens is the switch inserts option 82 into the DHCP request from the client. If the DHCP server is Microsoft's then it ignores the packet.
You can disable this feature with the following global command:

no ip dhcp snooping information option

Current recommendation is to also rate limit the DHCP requests on the access ports:

interface FastEthernet1/0/1
 ip dhcp snooping limit rate 100

HTH

Andy
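
Added example, not part of the thread: a Python check that reads a raw DHCP payload (for instance one exported from a capture taken on the server side) and reports whether Option 82 is present, which is the insertion the reply above describes. The packet bytes, xid, MAC and sub-option values are constructed for the demo; sub-option codes 1 and 2 are the circuit-id and remote-id codes from RFC 3046.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of DHCP options
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUBOPTS = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes

def parse_tlvs(data, pad=None, end=None):
    """Walk code/length/value triples; raise ValueError if one is truncated."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if code == end:
            break
        if code == pad:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated option {code}")
        length = data[i + 1]
        out.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def option82(payload):
    """Return Option 82 sub-options as {name: hex}, or None if absent."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    for code, value in parse_tlvs(payload[240:], OPT_PAD, OPT_END):
        if code == OPT_RELAY_INFO:
            return {SUBOPTS.get(c, str(c)): v.hex() for c, v in parse_tlvs(value)}
    return None

def build_discover(extra_options=b""):
    """Constructed DHCPDISCOVER (made-up xid and MAC) for the demo."""
    header = struct.pack("!BBBBIHH16s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                         b"", bytes.fromhex("020000000001"), b"", b"")
    return header + MAGIC_COOKIE + b"\x35\x01\x01" + extra_options + b"\xff"

# Constructed sub-option values, standing in for what the switch would add.
SUBS = b"\x01\x06" + bytes.fromhex("0004000a0101") + b"\x02\x08" + bytes.fromhex("0006aabbccddeeff")
AS_SENT_BY_CLIENT = build_discover()
AFTER_SNOOPING_SWITCH = build_discover(bytes([OPT_RELAY_INFO, len(SUBS)]) + SUBS)

if __name__ == "__main__":
    print("client frame :", option82(AS_SENT_BY_CLIENT))
    print("after switch :", option82(AFTER_SNOOPING_SWITCH))
```

Running the same check on requests captured before and after applying `no ip dhcp snooping information option` confirms whether the switch has stopped adding the option.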
 