Cisco Support Community

New Member

DHCP snooping

Hi,

I'm planning to enable DHCP snooping. Recently, I did some reading on the subject. There is one thing that I'm not sure about.

My network consists of several remote sites, all linked through an MPLS network.

I have a primary and a secondary DHCP server, which are located in the IT center. The first thing I need to trust is both ports that have the DHCP servers connected.

My question is: do I need to trust all my uplink ports (trunk ports) that are located in my remote sites to let the DHCPOFFER come through?

Thanks

5 REPLIES

Re: DHCP snooping

Hi Tony,

When configuring DHCP snooping on switches on your network, you must configure all trunk ports as DHCP trusted ports. This will allow the DHCPOFFER and DHCPACK packets to pass.

HTH, Please rate posts if it does.

Regards

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
New Member

Re: DHCP snooping

Hi Stephen,

Thanks for your answer.

Regards

New Member

Re: DHCP snooping

Hi,

DHCP snooping really requires configuring this feature.

In my view, DHCP snooping will be used not to trust other DHCP servers in the network.

But if companies have a Windows 2003 environment, the DHCP server will not work until they give permissions.

Please advise.

Bronze

Re: DHCP snooping

Hi,

An attacker could act from the DHCP server subnet and could reply to a DHCP server request. The reply may also contain itself as the gateway, hence all traffic would be forwarded to him.

The legitimate DHCP servers are put on trusted ports and all hosts on untrusted ports. A trusted port is the interface where only the replies are expected. So any replies coming from untrusted ports are discarded. Replies from ports are matched against the DHCP binding table, which has all the info about the IP, MAC etc., and hence are kept track of.
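The trust decision discussed in this thread, as an added example that is not part of any reply and is not Cisco code: a simplified Python model of one remote-site access switch, run once with the uplink trusted and once with it left untrusted. The port names (Gi0/1 client, Gi0/2 rogue host, Gi0/24 uplink toward the DHCP servers), the MAC address and the IP addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server should send these

@dataclass
class SnoopingSwitch:
    """Simplified model of one switch's DHCP snooping checks (not vendor code)."""
    trusted_ports: set
    bindings: dict = field(default_factory=dict)  # client MAC -> (IP, port)
    pending: dict = field(default_factory=dict)   # client MAC -> requesting port

    def receive(self, port, msg_type, mac, ip=None):
        """Return True if the message is forwarded, False if it is dropped."""
        trusted = port in self.trusted_ports
        if msg_type in SERVER_MSGS:
            if not trusted:
                return False  # server reply on an untrusted port
            if msg_type == "ACK" and mac in self.pending:
                # Learn the lease: this is the binding table entry
                self.bindings[mac] = (ip, self.pending.pop(mac))
            return True
        if trusted:
            return True  # client messages on trusted ports are not checked
        if msg_type in ("DISCOVER", "REQUEST"):
            self.pending[mac] = port
            return True
        if msg_type in ("RELEASE", "DECLINE") and mac in self.bindings:
            # Must arrive on the port the binding was learned on
            return self.bindings[mac][1] == port
        return True

def remote_site_scenario(uplink_trusted):
    """Constructed scenario: Gi0/1 client, Gi0/2 rogue host, Gi0/24 uplink."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"} if uplink_trusted else set())
    mac = "aa:aa:aa:aa:aa:01"  # constructed client MAC
    results = {
        "discover": sw.receive("Gi0/1", "DISCOVER", mac),
        "rogue_offer": sw.receive("Gi0/2", "OFFER", mac, "192.0.2.66"),
        "legit_offer": sw.receive("Gi0/24", "OFFER", mac, "10.1.1.50"),
        "request": sw.receive("Gi0/1", "REQUEST", mac),
        "legit_ack": sw.receive("Gi0/24", "ACK", mac, "10.1.1.50"),
        "spoofed_release": sw.receive("Gi0/2", "RELEASE", mac),
    }
    return results, sw.bindings

if __name__ == "__main__":
    for trusted in (True, False):
        print("uplink trusted:", trusted, remote_site_scenario(trusted))
```

With the uplink untrusted, the legitimate OFFER and ACK are dropped along with the rogue one and no binding is ever learned, so clients at the site get no lease.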

New Member

Re: DHCP snooping

Hi,

Thanks for all your help, I got this working properly.
