When the DHCP server is external and the switch acts as a DHCP relay to implement DHCP snooping an IP source guard you need to configure the uplinks as trusted ports otherwise clients cannot get IP addresses via the external DHCP (the security features will not accept multiple DHCP messages on the same untrusted port so the need to trust uplink ports or the port where the DHCP server is connected).
With an internal server this problem should be overcomed, however uplinks need to be excluded from IP source guards checks because potentially the source IP address of received packets is any possible value.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...