We need to implement DHCP snooping on our network to protect our DHCP architecture, and also meet the pre-requisites for Dynamic ARP inspection and IP Source Guard.
I have a few questions regarding DHCP Snooping.
1) I have read elsewhere that when you enable "DHCP Snooping" in global config, all ports are automatically set to untrusted. Would I be correct in saying that if I pre-configure a port connecting to a DHCP server as "dhcp snooping trust" prior to enabling "dhcp snooping" in global config, DHCP replies will continue unaffected?
2) I understand that interswitch links need to be configured with "dhcp snooping trust". Do I need to configure this on all links between the various switch blocks, e.g. Server Farm, Core and Distribution Layers?
3) Can DHCP Snooping be enabled without affecting services? (I'm repeating myself a little here, I know.) For example, if I pre-configure all the interswitch links (if required) as trusted links and all ports that connect to DHCP servers as trusted links, can I then enable "dhcp snooping" and "dhcp snooping vlan x" without impacting the operational DHCP service?
Thanks in advance.