Why and when to use ip arp inspect trust/ip dhcp snoop trust

Steve Coady
Level 1

All

Thank you in advance.

sMc
Accepted Solutions

John Blakley
VIP Alumni

DHCP snooping trust is used on ports that you expect a DHCPOFFER packet to come from. You generally trust the port that your server is on, and you trust the interswitch uplinks so the offer doesn't get dropped.

ARP inspection trust is used when you don't want to perform ARP inspection on a packet. The ARP inspection is done against the DHCP snooping database and allows packets that have a valid IP-MAC binding in the database. If there is not a valid entry, then the packet is dropped. Cisco recommends that you configure all switchports to hosts as untrusted, but configure all links to other switches as trusted.

HTH,
John

*** Please rate all useful posts ***
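
The decisions described in the answer above, as an added Python model that is not part of the original thread and is not Cisco code: server DHCP messages are accepted only on snooping-trusted ports, an accepted ACK populates the binding database, and ARP on untrusted ports is checked against it. Port names, MAC and IP values are constructed, and the model assumes a single VLAN.

```python
from dataclasses import dataclass, field

@dataclass
class AccessSwitch:
    """Simplified single-VLAN model; ignores lease expiry and rate limits."""
    dhcp_trusted: set = field(default_factory=set)  # ports with DHCP snooping trust
    arp_trusted: set = field(default_factory=set)   # ports with ARP inspection trust
    bindings: set = field(default_factory=set)      # snooping database: (mac, ip)

    def dhcp_from_server(self, in_port, msg_type, client_mac, offered_ip):
        """A server-originated DHCP message (OFFER or ACK) arrives on in_port."""
        if in_port not in self.dhcp_trusted:
            return "drop"      # server messages are only accepted on trusted ports
        if msg_type == "ACK":  # lease confirmed, so record the IP-MAC binding
            self.bindings.add((client_mac, offered_ip))
        return "forward"

    def arp(self, in_port, sender_mac, sender_ip):
        """An ARP packet arrives on in_port."""
        if in_port in self.arp_trusted:
            return "forward"   # trusted port: no inspection is performed
        if (sender_mac, sender_ip) in self.bindings:
            return "forward"   # untrusted port, valid binding in the database
        return "drop"          # untrusted port, no valid binding

def demo():
    # Constructed topology: Gi1/0/1 and Gi1/0/2 face hosts, Gi1/0/48 is the uplink.
    sw = AccessSwitch(dhcp_trusted={"Gi1/0/48"}, arp_trusted={"Gi1/0/48"})
    host_a = ("aa:aa:aa:aa:aa:01", "10.0.10.21")
    return {
        "offer_from_host_port": sw.dhcp_from_server("Gi1/0/2", "OFFER", host_a[0], "10.0.10.99"),
        "ack_from_uplink": sw.dhcp_from_server("Gi1/0/48", "ACK", *host_a),
        "arp_host_with_binding": sw.arp("Gi1/0/1", *host_a),
        "arp_host_without_binding": sw.arp("Gi1/0/2", "aa:aa:aa:aa:aa:02", "10.0.10.1"),
        "arp_on_uplink": sw.arp("Gi1/0/48", "aa:aa:aa:aa:aa:03", "10.0.10.1"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In this model, leaving Gi1/0/48 out of `dhcp_trusted` drops the ACK, so no binding is learned and host A's own ARP is then dropped as well.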


2 Replies

Thank you

sMc