08-05-2013 01:50 PM - edited 03-07-2019 02:45 PM
08-05-2013 02:16 PM
DHCP snooping trust is used on ports that you expect a DHCPOFFER packet to come from. You generally trust the port that your server is on, and you trust the interswitch uplinks so the offer doesn't get dropped.
ARP inspection trust is used when you don't want to perform ARP inspection on a packet. The ARP inspection is done against the DHCP snooping database and allows packets that have a valid IP-MAC binding in the database. If there is not a valid entry, then the packet is dropped. Cisco recommends that you configure all switchports to hosts as untrusted, but configure all links to other switches as trusted.
HTH,
John
*** Please rate all useful posts ***
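A simplified model of the trust decisions described in the answer above, as an added example that is not part of the original posts and is not Cisco's implementation. The `Switch` class, port names and addresses are constructed for illustration; the model assumes a binding is learned from a DHCPACK arriving on a snooping-trusted port and keys it on IP and MAC only (a real binding also records VLAN, interface and lease time).

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Toy model of one access switch: DHCP snooping plus ARP inspection."""
    snoop_trusted: set   # ports configured with DHCP snooping trust
    arp_trusted: set     # ports configured with ARP inspection trust
    bindings: dict = field(default_factory=dict)  # ip -> mac (snooping database)

    def dhcp_server_msg(self, in_port, msg_type, client_ip, client_mac):
        """Server-originated DHCP message (OFFER/ACK) arriving on in_port."""
        if in_port not in self.snoop_trusted:
            return "drop"            # server replies are accepted on trusted ports only
        if msg_type == "ACK":
            self.bindings[client_ip] = client_mac  # lease confirmed: record binding
        return "forward"

    def arp(self, in_port, sender_ip, sender_mac):
        """ARP packet arriving on in_port."""
        if in_port in self.arp_trusted:
            return "forward"         # trusted port: inspection is skipped
        if self.bindings.get(sender_ip) == sender_mac:
            return "forward"         # valid IP-MAC binding in the database
        return "drop"                # no valid entry


def demo(uplink_arp_trusted):
    """Constructed topology: Gi0/1 and Gi0/2 are host ports, Gi0/24 is the
    uplink toward the DHCP server and the other switches."""
    uplink = "Gi0/24"
    sw = Switch(snoop_trusted={uplink},
                arp_trusted={uplink} if uplink_arp_trusted else set())
    return {
        # OFFER arriving on a host port: not expected there, dropped
        "host_port_offer": sw.dhcp_server_msg("Gi0/2", "OFFER", "10.0.0.99", "aa:aa:aa:aa:aa:01"),
        # ACK from the real server via the uplink: forwarded, binding learned
        "uplink_ack": sw.dhcp_server_msg(uplink, "ACK", "10.0.0.10", "aa:aa:aa:aa:aa:01"),
        # Local host using its leased address: matches the binding
        "host_arp": sw.arp("Gi0/1", "10.0.0.10", "aa:aa:aa:aa:aa:01"),
        # ARP on a host port with an IP-MAC pair that has no binding
        "unbound_arp": sw.arp("Gi0/2", "10.0.0.1", "aa:aa:aa:aa:aa:02"),
        # Host behind a neighbouring switch: its lease is not in this database
        "remote_host_arp": sw.arp(uplink, "10.0.0.20", "aa:aa:aa:aa:aa:03"),
    }


if __name__ == "__main__":
    for trusted in (True, False):
        print("uplink ARP trust =", trusted, demo(trusted))
```

Running it with the uplink left untrusted for ARP inspection shows the remote host's ARP being dropped, which is the case the trusted inter-switch link avoids.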
08-06-2013 08:05 AM
Thank you