DHCP Snooping

Unanswered Question
Jan 11th, 2011


Is it required to enable DHCP trust on trunk ports if the server is connected to the core switches and the PCs are connected to access switches? The access switches and core switches have trunk ports.

cadet alain Tue, 01/11/2011 - 13:02


On your access switches you must trust the ports going to your server, as by default all ports are untrusted and so no DHCP replies from your server will hit your clients.



Raghavendra Bandaru Wed, 01/12/2011 - 00:23

Thanks Alain,

But in my case, server is connected to Core switches. We have 2-tier structure.

Access switches are connected to core switches, core switches are connected to a router and then to the WAN.

All PCs are connected to Access Switches.

Dhcp server is connected to Core Switch.

Access switch and core switch are connected via trunk ports.

As shown in the attached Visio diagram. My doubt is: is it required to make both the trunk ports on the access switches trust ports, and what all needs to be considered to implement DHCP snooping in this scenario?

cadet alain Wed, 01/12/2011 - 10:17


But in my case, server is connected to Core switches. We have 2-tier structure.

It makes no difference: you must trust links going towards the server on your access switches.

I can't read Visio files so I can't tell you on which switch to implement snooping, but I can tell you for sure that when it is enabled all ports are untrusted and so no DHCP replies can transit these ports. That's why you must trust the interfaces which are going to your DHCP server, so that replies can enter these ports.



Raghavendra Bandaru Thu, 01/13/2011 - 11:07

Can you please give me the commands to enable DHCP snooping on CAT OS, and also how to revert (disable DHCP snooping)?
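
The trust rule from the replies above, applied to an access switch in this two-tier layout, as an added example that is not from either poster. It uses Cisco IOS syntax rather than the CatOS syntax asked about; VLAN 10, the interface names and the rate-limit value are assumptions.

```cisco
! Access switch, Cisco IOS syntax (added example; VLAN 10, interface
! names and the rate limit are assumed values, not from the thread).
!
! Enable DHCP snooping globally, then on the client VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Uplink trunks toward the core switches, where the DHCP server sits.
! Trusted, so server replies (OFFER/ACK) arriving here are forwarded.
interface range GigabitEthernet0/1 - 2
 ip dhcp snooping trust
!
! PC-facing ports stay untrusted (the default): server replies arriving
! on them are dropped, which is what blocks a rogue DHCP server.
! The rate limit caps DHCP packets per second from a client port.
interface range FastEthernet0/1 - 24
 ip dhcp snooping limit rate 15
!
! Verify trust state and learned bindings:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!
! Revert: disable for one VLAN, or globally.
!   no ip dhcp snooping vlan 10
!   no ip dhcp snooping
```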

