Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Why and when to use ip arp inspect trust/ip dhcp snoop trust

All

Thankyou in advance.

sMc
  • LAN Switching and Routing
1 ACCEPTED SOLUTION

Accepted Solutions

Why and when to use ip arp inspect trust/ip dhcp snoop trust

DHCP snooping trust is used on ports that you expect a dhcpoffer packet should come from. You generally trust the port that your server is on, and you trust the interswitch uplinks so the offer doesn't get dropped.

Arp inspection trust is used when you don't want to perform arp inspection on a packet. The arp inspection is done against the dhcp snooping database and allows packets that have a valid ip-mac binding in the database. If there is not a valid entry, then the packet is dropped. Cisco recommends that you configure all switchports to hosts as untrusted, but configure all links to other switches as trusted.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
2 REPLIES

Why and when to use ip arp inspect trust/ip dhcp snoop trust

DHCP snooping trust is used on ports that you expect a dhcpoffer packet should come from. You generally trust the port that your server is on, and you trust the interswitch uplinks so the offer doesn't get dropped.

Arp inspection trust is used when you don't want to perform arp inspection on a packet. The arp inspection is done against the dhcp snooping database and allows packets that have a valid ip-mac binding in the database. If there is not a valid entry, then the packet is dropped. Cisco recommends that you configure all switchports to hosts as untrusted, but configure all links to other switches as trusted.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Why and when to use ip arp inspect trust/ip dhcp snoop trust

Thank you

sMc
155
Views
0
Helpful
2
Replies
This widget could not be displayed.