
Questions about DHCP Snooping

jmandersson
Level 1

Hi!

I have some questions about dhcp snooping:

If I have a dhcp server locally on my 3750, is any interface on that switch considered Trusted? I route all the vlans in the same switch...

If I connect a Wireless LAN Controller to that same 3750, how should I treat that port? I guess the WLC is a relay-agent?

Regards

Johan

1 Accepted Solution

A DHCP offer cannot come from a DHCP untrusted port, and as your WLC doesn't assign IP addresses, this port shouldn't be trusted.

6 Replies

Giuseppe Larosa
Hall of Fame

Hello Johan,

When you enable DHCP snooping, the default state of all ports is untrusted.

You need to turn them to trusted where needed.

For example, the port where the WLAN controller connects has to be made trusted or wireless users cannot get an IP address.

Hope to help

Giuseppe

Hi Giuseppe,

But why should a port where the WLAN controller connects be considered trusted?

Wouldn't that mean that I trust every client on the WLAN?

/johan

Hello Johan,

Not sure about the WLAN controller, but all ports where multiple DHCP requests are expected should be configured as trusted.

So the question becomes how the client traffic is sent to the wired infrastructure.

You can implement wireless specific authentication methods to allow access only to legitimate users.

Hope to help

Giuseppe

"all ports where multiple DHCP requests are expected should be configured as trusted."

Thanks, it was an answer like that that I was looking for!

Thanks /johan

Personally I think that the port to the WLC controller should be untrusted as the WLC controller doesn't act as DHCP server.

All ports to the DHCP servers should be trusted.

Thus, if your DHCP server is on another segment, you need to trust all intermediate trunks + the port of the DHCP server.

A DHCP offer cannot come from a DHCP untrusted port, and as your WLC doesn't assign IP addresses, this port shouldn't be trusted.
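
An added example, not part of the thread and not Cisco's code: a simplified Python model of the per-port checks DHCP snooping applies, showing that server replies such as a DHCPOFFER are dropped on untrusted ports while ordinary client requests pass. It goes slightly beyond the offer case discussed above by also modelling the relay-agent (non-zero giaddr) and source-MAC checks that apply on untrusted ports. The class, function and field names and all sample frames are constructed for illustration, and MAC address verification is assumed to be enabled.

```python
# Simplified model of DHCP snooping's per-port filter (illustrative, not vendor code).
from dataclasses import dataclass

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}   # only a DHCP server sends these
ZERO = "0.0.0.0"


@dataclass
class DhcpFrame:            # hypothetical, minimal view of a snooped DHCP frame
    msg_type: str           # DHCP message type (option 53), by name
    src_mac: str            # Ethernet source address
    chaddr: str             # client hardware address in the DHCP header
    giaddr: str = ZERO      # relay agent address; non-zero means the packet was relayed


def snoop_verdict(port_trusted: bool, frame: DhcpFrame) -> str:
    """Return 'forward' or 'drop:<reason>' for a frame received on a port."""
    if port_trusted:
        return "forward"    # trusted ports are not filtered
    if frame.msg_type in SERVER_MSGS:
        return "drop:server-message-on-untrusted-port"
    if frame.giaddr != ZERO:
        return "drop:relayed-packet-on-untrusted-port"
    if frame.src_mac.lower() != frame.chaddr.lower():
        return "drop:source-mac-chaddr-mismatch"
    return "forward"


def run_samples() -> dict:
    """Evaluate constructed sample frames; returns {label: verdict}."""
    client = "00:11:22:33:44:55"    # constructed addresses
    other = "00:aa:bb:cc:dd:ee"
    samples = {
        "client discover on access port": (False, DhcpFrame("DHCPDISCOVER", client, client)),
        "offer arriving on access port": (False, DhcpFrame("DHCPOFFER", other, client)),
        "offer arriving on trusted uplink": (True, DhcpFrame("DHCPOFFER", other, client)),
        "relayed discover on untrusted port": (
            False, DhcpFrame("DHCPDISCOVER", other, client, giaddr="10.0.0.1")),
        "chaddr differs from source MAC": (False, DhcpFrame("DHCPREQUEST", other, client)),
    }
    return {label: snoop_verdict(trusted, f) for label, (trusted, f) in samples.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:38} -> {verdict}")
```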