09-08-2009 05:10 PM - edited 03-06-2019 07:38 AM
From what I've read, DHCP snooping can help prevent unauthorized DHCP servers from causing disruptions on the network. I don't see how that is from the configurations I've read.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf
I want to implement something on my private network that is comprised of over 100 VLANs. I can't see how the commands detailed on that page can stop an unauthorized DHCP server from responding to DHCP requests. Am I missing something?
09-08-2009 05:37 PM
When you enable DHCP Snooping, all switchports will automatically become untrusted; thus you will need to manually identify the switchport that the real DHCP server is connected to, and dhcp trust that port.
You will need to dhcp trust inter-switch links as well.
If you don't dhcp trust a switchport, no DHCP server information will be relayed into your switched network.
__
Edison.
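The trust model described in the reply above, as an added configuration example that is not part of the original post or the linked guide. Interface names, descriptions, VLAN 10 and the rate value are constructed placeholders.

```cisco
! Constructed example: interface names, VLAN 10 and the rate are placeholders.
! Enable DHCP snooping globally, then on each client VLAN.
! (Syntax for listing many VLANs differs between IOS releases; check the
! platform's configuration guide.)
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Port facing the authorized DHCP server: trusted, so its replies are
! forwarded.
interface GigabitEthernet1/1
 description Authorized DHCP server
 ip dhcp snooping trust
!
! Inter-switch link: also trusted, otherwise legitimate server replies
! arriving from the neighbouring switch would be dropped here.
interface GigabitEthernet1/2
 description Link to neighbouring switch
 ip dhcp snooping trust
!
! User-facing port: no trust command, so it stays untrusted (the default).
! Server-side DHCP replies received on this port are dropped, which is what
! stops a home router plugged into a wall jack from answering clients.
interface GigabitEthernet2/1
 description User wall jack
 switchport mode access
 switchport access vlan 10
 ! Optional: cap DHCP packets per second accepted from this port.
 ip dhcp snooping limit rate 15
```

`show ip dhcp snooping` lists which VLANs have snooping enabled and which interfaces are trusted, and `show ip dhcp snooping binding` shows the leases the switch has learned on untrusted ports.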
09-08-2009 05:53 PM
Thanks Edison, I was afraid of that. I have had issues with users who come in with a DHCP server like a small home router and plug into their network jacks. I can't put in .1X authentication yet so I couldn't go in that direction.