I use the IOS built-in DHCP server feature to provide DHCP services for all my VLANs.
Now I want to configure DHCP Snooping for those VLANs. I read the documentation about DHCP snooping and, as far as I understand it, the use of "ip dhcp snooping trust" is a mandatory command.
But I don't have a trusted interface that is connected to a DHCP server -> because I use the built-in DHCP server in the router.
So the question is:
Which interface is the "trusted interface" when I use the built-in DHCP server?
Or can I just ignore that command (even if it seems to be mandatory)?
Does anyone have experience with that scenario?
Is there a (Windows) tool I could use to test if it is working as expected?
First, proving that DHCP Snooping works should begin by using the various commands under show ip dhcp snooping. There are various possibilities to see if the snooping is really in place and what MAC/IP mappings the snooping has recorded on your switch.
Further, you can use the Wireshark packet sniffer on a PC to see that if another workstation on a different switchport broadcasts a DHCP Discover or Request message, you will not receive that DHCP message. Also, you will not receive any DHCP Offers or Acks even if they are broadcast.
Also, you can connect an external DHCP server to one of your untrusted switchports and prove that it does not receive any requests and that it does not assign any addresses.
I don't know of a complex tool to test that DHCP Snooping is working, but you can always test the individual behavior patterns.
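The Wireshark check described in the answer above can be scripted; this is an added example, not part of the original posts. It assumes the UDP payloads of DHCP traffic (ports 67/68) have already been exported from a capture taken on the test PC, and it lists every DHCP message whose client MAC is not the PC's own. The function names, MAC addresses and sample packets are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie at offset 236
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (client_mac, message_type) from a BOOTP/DHCP UDP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    hlen = min(payload[2], 16)          # chaddr is a 16-byte field
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    i = 240
    while i < len(payload):             # walk the TLV options
        code = payload[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):       # truncated option
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:   # option 53 = DHCP message type
            return mac, TYPES.get(value[0], f"TYPE-{value[0]}")
        i += 2 + length
    return None

def foreign_dhcp(payloads, own_mac):
    """DHCP messages in the capture whose client MAC is not the capturing PC's."""
    parsed = (parse_dhcp(p) for p in payloads)
    return [m for m in parsed if m and m[0] != own_mac.lower()]

def build(op, mac, msg_type):
    """Constructed sample packet: fixed header, chaddr, zeroed sname/file, option 53."""
    hdr = struct.pack("!BBBBIHH16x", op, 1, 6, 0, 0x1234, 0, 0x8000)
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return hdr + chaddr + b"\0" * 192 + MAGIC + bytes([53, 1, msg_type, 255])

OWN = "00:11:22:33:44:55"               # constructed MAC of the capturing PC
OTHER = "00:aa:bb:cc:dd:ee"             # constructed MAC of another workstation
SAMPLE = [build(1, OWN, 1), build(2, OWN, 2), build(1, OTHER, 1), build(2, OTHER, 5)]

if __name__ == "__main__":
    for mac, kind in foreign_dhcp(SAMPLE, OWN):
        print(f"unexpected DHCP {kind} for client {mac} seen on this port")
```

An empty result from `foreign_dhcp` on a real capture matches the behavior the answer expects from a port protected by DHCP snooping.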