10-31-2011 04:55 AM - edited 03-07-2019 03:08 AM
I have a question about enabling dhcp snooping on a switch that is also configured as a dhcp server. Where would you configure the ip dhcp snooping trust command?
e.g.
ip dhcp pool desktop
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
interface g0/1
 switchport access vlan 2
 switchport mode access
int vlan 2
 description desktop
 ip address 192.168.0.1 255.255.255.0
TIA
10-31-2011 05:11 AM
Hi,
Why configure DHCP snooping on the DHCP server? It makes no sense.
This feature is meant to prevent rogue DHCP servers and DHCP starvation attacks, and it should be configured on access switches to prevent users from installing rogue DHCP servers and using them for MiTM attacks.
Alain.
10-31-2011 05:20 AM
Thanks for the response.
I understand what you are getting at. What about a situation, though, with a remote branch office with 1 switch and no servers to run DHCP? Is DHCP snooping a good option to use here to stop users from connecting rogue servers?
10-31-2011 06:06 AM
Hi,
Then I would leave all ports as untrusted which is the default.
Alain.
10-31-2011 12:41 PM
I just tested this and, as you say, just leave everything untrusted. I thought it might be necessary to use the ip dhcp snooping trust command on the SVI interface, but that's not the case.
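One way to check a switch config against the advice in this thread (snooping enabled, every access port left untrusted when the switch itself is the DHCP server), as an added example that is not part of any post above. The sample config, port g0/2 and the function names are constructed, and the parser assumes unabbreviated `show running-config` style output.

```python
import re

# Constructed sample: the poster's config plus a hypothetical, wrongly trusted g0/2.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 2
ip dhcp pool desktop
 network 192.168.0.0 255.255.255.0
interface g0/1
 switchport access vlan 2
 switchport mode access
interface g0/2
 switchport access vlan 3
 switchport mode access
 ip dhcp snooping trust
interface vlan 2
 ip address 192.168.0.1 255.255.255.0
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return findings for a switch that serves DHCP itself (no trusted ports expected)."""
    enabled, snooped, ports, port = False, set(), {}, None
    for line in config.splitlines():
        text = line.strip()
        if line[:1] != " ":                  # top-level command closes any interface block
            m = re.match(r"interface (.+)", text)
            port = ports.setdefault(m.group(1), {"vlan": 1, "cmds": set()}) if m else None
            enabled |= text == "ip dhcp snooping"
            m = re.match(r"ip dhcp snooping vlan ([\d,-]+)$", text)
            snooped |= expand_vlans(m.group(1)) if m else set()
        elif port is not None:               # sub-command of the current interface
            m = re.match(r"switchport access vlan (\d+)", text)
            port["vlan"] = int(m.group(1)) if m else port["vlan"]
            port["cmds"].add(text)
    findings = [] if enabled else ["DHCP snooping is not enabled globally"]
    for name, p in ports.items():
        if "switchport mode access" in p["cmds"]:   # SVIs and trunks are skipped
            if "ip dhcp snooping trust" in p["cmds"]:
                findings.append(f"{name}: access port is trusted")
            if p["vlan"] not in snooped:
                findings.append(f"{name}: VLAN {p['vlan']} is not snooped")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only g0/2; g0/1 and the SVI pass because the access port is untrusted in a snooped VLAN and the SVI is not an access port.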