Cisco Support Community
New Member

Questions about DHCP Snooping

Hi!

I have some questions about DHCP snooping:

If I have a DHCP server locally on my 3750, is any interface on that switch considered trusted? I route all the VLANs in the same switch...

If I connect a Wireless LAN Controller to that same 3750, how should I treat that port? I guess the WLC is a relay-agent?

Regards

Johan

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Questions about DHCP Snooping

A DHCP offer cannot come from a DHCP untrusted port, and as your WLC doesn't assign IP addresses, this port shouldn't be trusted.

6 REPLIES
Hall of Fame Super Silver

Re: Questions about DHCP Snooping

Hello Johan,

When you enable DHCP snooping, the default state of all ports is untrusted.

You need to turn them to trusted where needed.

For example, the port where the WLAN controller connects has to be made trusted or wireless users cannot get an IP address.

Hope to help

Giuseppe

New Member

Re: Questions about DHCP Snooping

Hi Giuseppe,

But why should a port where the WLAN controller connects be considered trusted?

Wouldn't that mean that I trust every client on the WLAN?

/johan

Hall of Fame Super Silver

Re: Questions about DHCP Snooping

Hello Johan,

Not sure about the WLAN controller, but all ports where multiple DHCP requests are expected should be configured as trusted.

So the question becomes how the client traffic is sent to the wired infrastructure.

You can implement wireless specific authentication methods to allow access only to legitimate users.

Hope to help

Giuseppe

New Member

Re: Questions about DHCP Snooping

"all ports where multiple DHCP requests are expected should be configured as trusted."

Thanks, it was an answer like that that I was looking for!

Thanks /johan

Re: Questions about DHCP Snooping

Personally I think that the port to the WLC controller should be untrusted as the WLC controller doesn't act as DHCP server.

All ports to the DHCP servers should be trusted.

Thus, if your DHCP server is on another segment, you need to trust all intermediate trunks + the port of the DHCP server.
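The trusted/untrusted decision discussed in this thread, as an added example that is not part of any post and is not Cisco's implementation: a simplified Python model of the checks a snooping switch applies to DHCP messages on untrusted ports. The port names, MAC addresses and IP addresses are constructed, and the topology (DHCP server behind Gi1/0/1, WLC on Gi1/0/10) is an assumption.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these

@dataclass
class Dhcp:
    msg: str                  # DISCOVER, REQUEST, OFFER, ACK, NAK, RELEASE, DECLINE
    src_mac: str              # Ethernet source address
    chaddr: str               # client hardware address in the DHCP header
    yiaddr: str = "0.0.0.0"   # address the server hands out
    giaddr: str = "0.0.0.0"   # set by a relay agent

class Snooper:
    def __init__(self, trusted):
        self.trusted = set(trusted)   # every other port is untrusted
        self.seen_on = {}             # chaddr -> untrusted port of the client
        self.bindings = {}            # chaddr -> (leased IP, port)

    def receive(self, port, p):
        if port in self.trusted:
            # Server replies are accepted here; an ACK creates a binding.
            if p.msg == "ACK" and p.chaddr in self.seen_on:
                self.bindings[p.chaddr] = (p.yiaddr, self.seen_on[p.chaddr])
            return "forward"
        if p.msg in SERVER_MSGS:
            return "drop: server message on untrusted port"
        if p.giaddr != "0.0.0.0":
            return "drop: relayed packet on untrusted port"
        if p.src_mac != p.chaddr:
            return "drop: source MAC differs from chaddr"
        bound = self.bindings.get(p.chaddr)
        if p.msg in ("RELEASE", "DECLINE") and bound and bound[1] != port:
            return "drop: binding belongs to another port"
        self.seen_on[p.chaddr] = port
        return "forward"

def demo():
    # Constructed topology: Gi1/0/1 leads to the DHCP server, Gi1/0/10 to the WLC.
    sw = Snooper(trusted={"Gi1/0/1"})
    c, rogue, srv = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
    return [
        sw.receive("Gi1/0/10", Dhcp("DISCOVER", c, c)),               # client behind WLC
        sw.receive("Gi1/0/10", Dhcp("OFFER", rogue, c, "10.9.9.9")),  # rogue server on WLAN
        sw.receive("Gi1/0/1", Dhcp("OFFER", srv, c, "192.0.2.50")),   # real server
        sw.receive("Gi1/0/10", Dhcp("REQUEST", c, c)),
        sw.receive("Gi1/0/1", Dhcp("ACK", srv, c, "192.0.2.50")),     # binding learned
        sw.receive("Gi1/0/20", Dhcp("RELEASE", c, c)),                # spoofed from other port
    ]
```

Client DISCOVER and REQUEST messages pass on the untrusted WLC port, so marking that port trusted only changes whether server replies and relayed packets arriving from the wireless side are accepted.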
