DHCP Snooping

Sep 18th, 2007

You may remember me from such questions as "why isn't my IOS working, oh, it's not the right version, it has the wrong filename".

Well, the reason I wanted to upgrade is so that all my various 2960s across the network would have the ability to use DHCP Snooping...the last tool in my toolkit to help eliminate people plugging in home routers and switches and making headaches for the other users.

My question deals with the trusted port designation. My DHCP servers for my one enterprise vlan which the users are on (we'll call it vlan 42) are on various switches trunked throughout my network.

Since the DHCP servers reside so far away physically...when I attribute ports to be "trusted" do I put that attribute on the trunk ports of each switch until I get to the switch the DHCP servers are on and designate the actual physical ports they are connected to as trusted as well?

I am sorry to ask such a basic question...but everyone's diagrams are about DHCP servers that reside on the same physical switch as the network they are serving...and I can't imagine that for many of us this is the case.

Thank you, as always, for your help.

szahid Tue, 09/18/2007 - 14:23

You will put ports in the DHCP snooping trust mode in 2 places only.

1. On your uplink ports on the switches where DHCP snooping is enabled, if the switch is running DHCP snooping and the DHCP server is reachable via this uplink.

2. If your DHCP server is on one of the access ports on the switch that runs DHCP snooping, then trust has to be configured for that access port.
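
The two trust placements described in the reply above, written out as IOS configuration. This is an added example, not part of the original thread; the interface names and port ranges are assumptions, and VLAN 42 is the user VLAN named in the question.

```cisco
! Added example: interface numbers are assumed, VLAN 42 comes from the question.
!
! --- Access switch: users attach here, DHCP server is reached via the uplink ---
ip dhcp snooping
ip dhcp snooping vlan 42
!
! Case 1: uplink trunk that leads toward the DHCP server is trusted
interface GigabitEthernet0/1
 description Uplink trunk toward DHCP server
 switchport mode trunk
 ip dhcp snooping trust
!
! User ports carry no trust statement. Ports are untrusted by default,
! so DHCP server replies from a home router plugged in here are dropped.
interface range FastEthernet0/1 - 24
 description User access ports
 switchport mode access
 switchport access vlan 42
!
! --- Switch where the DHCP server is physically connected ---
ip dhcp snooping
ip dhcp snooping vlan 42
!
! Case 2: the access port the DHCP server plugs into is trusted
interface GigabitEthernet0/2
 description DHCP server
 switchport mode access
 switchport access vlan 42
 ip dhcp snooping trust
```

Running `show ip dhcp snooping` on each switch lists which interfaces are trusted, and `show ip dhcp snooping binding` shows the leases learned on the untrusted ports.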



