I'm having trouble determining where/how to implement DHCP snooping on our campus.
The core for our campus is a pair of 6506's etherchanneled to each other and 3750 stacks which serve as the distribution layer. The 3750's are trunked to our access layer switches (3560Gs, 3550s and some 3500XLs). The 6506s have MSFCs configured with the SVIs for each of 50+ end-to-end VLANs and run HSRP. DHCP is enabled on a few nets/vlans currently. Those nets/vlans have the ip-helper address configured. In addition, the supervisors on the 6506s serve as VTP servers and are the only CatOS on campus. We're trying to test dhcp snooping but haven't had much success.
Our DHCP server is located near the core. DHCP snooping is enabled on most of the 3560Gs globally and only the uplinks are trusted. All of our access switches are in a stacked configuration similar to... core -> bldg1 dist -> bldg1a -> bldg1b -> bldg1c... It didn't make sense to trust offers from downstream. My understanding of trust relates to where offers are originating. Is this correct or is there more information exchanged that requires bidirectional trust?
The VLAN SVIs don't seem to allow for snooping configuration. Should I be looking at the dist. or access levels? The access level seems like it would be an administrative nightmare in a large VTP domain!
Thanks for any advice.