DHCP Snooping on multiple switches

Aug 28th, 2009

I'd like to configure DHCP snooping in a multiple-switch environment (almost all 6500s), but I have some concerns about trunking ports.


1) Not-so-simple question:

I have this layout:

- DHCP server connecting to port 1 of switch 1; access VLAN on VLAN 1

- DHCP client connecting to port 2 of switch 2; access VLAN on VLAN 2

Switch 1 and 2 are connected via a trunk port (port 3 on both).

L3 for both VLAN 1 and 2 is configured on switch 1.


Should I configure port 3 of switch 2 as a trusted port?


TIA

Ivan

Giuseppe Larosa Fri, 08/28/2009 - 07:05
Hello Ivan,


>> Should I configure port 3 of switch 2 as a trusted port?


Yes, otherwise legitimate traffic could be dropped.

DHCP snooping looks at the source IP address, and you are likely to receive traffic with arbitrary source IP addresses on this port to the default gateway, coming from all other possible VLANs/subnets or even from the Internet.


Hope to help

Giuseppe
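
The trust layout discussed in this thread, written out as an added configuration example (it was not posted by either participant). Port roles and VLAN numbers are the ones Ivan describes; the interface names, the rate limit value and the assumption that switch 1 also runs snooping are not from the thread.

```cisco
! Added example, not from the thread. Interface names are assumed:
! the thread only says "port 1", "port 2" and "port 3".

! ----- Switch 2 (client side) -----
ip dhcp snooping
ip dhcp snooping vlan 2
!
interface GigabitEthernet1/3
 description Trunk to switch 1 (only path toward the DHCP server)
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Server replies (OFFER/ACK) arrive here; untrusted would drop them.
 ip dhcp snooping trust
!
interface GigabitEthernet1/2
 description DHCP client, access VLAN 2
 switchport
 switchport mode access
 switchport access vlan 2
 ! Untrusted is the default, so no trust command on client ports.
 ! Rate limit value is a constructed sample, tune it to the port.
 ip dhcp snooping limit rate 15

! ----- Switch 1 (server side, assumed to run snooping as well) -----
ip dhcp snooping
ip dhcp snooping vlan 1,2
! Switch 2 inserts option 82 by default; accept it on the untrusted
! trunk below (alternative: "no ip dhcp snooping information option"
! on switch 2).
ip dhcp snooping information option allow-untrusted
!
interface GigabitEthernet1/1
 description DHCP server, access VLAN 1
 switchport
 switchport mode access
 switchport access vlan 1
 ip dhcp snooping trust
!
interface GigabitEthernet1/3
 description Trunk to switch 2 (no DHCP server behind it)
 ! Left untrusted: only clients sit behind this trunk.

! ----- Verification on either switch -----
! show ip dhcp snooping
! show ip dhcp snooping binding
```

After a client on switch 2 renews its lease, `show ip dhcp snooping binding` on switch 2 should list its MAC, address, VLAN 2 and the access interface; an empty table with clients failing to get a lease points at the uplink trust or the option 82 handling.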


