https://community.cisco.com/t5/network-access-control/enabling-dhcp-snooping-for-profiling-without-blocking-dhcp/m-p/2918700#M36442 <P>Hi Brian-</P> <P>If you want to use DHCP Snooping then you must define the trusted ports. Otherwise, as you have already mentioned, your clients will not get addresses from DHCP.&nbsp;</P> <P>With that being said, what are your concerns with enabling trust interfaces?</P> <P><EM>Thank you for rating helpful posts!</EM></P> Sat, 30 Apr 2016 18:16:56 GMT nspasov 2016-04-30T18:16:56Z https://community.cisco.com/t5/network-access-control/enabling-dhcp-snooping-for-profiling-without-blocking-dhcp/m-p/2918699#M36434 <P>I am reading through a lot of documentation trying to increase my knowledge on how ISE Profiling works.</P> <P>I have found many design guides that say to enable these commands:</P> <P>ip dhcp snooping</P> <P>ip dhcp snooping vlan [VLAN ID's]</P> <P></P> <P>I understand the basic concept of what DHCP snooping does, but if I enable it and enable it on a VLAN, what is preventing the switch from dropping the DHCP packets because I havent configured any of the dhcp trust interfaces?&nbsp;</P> <P></P> Mon, 11 Mar 2019 06:42:58 GMT https://community.cisco.com/t5/network-access-control/enabling-dhcp-snooping-for-profiling-without-blocking-dhcp/m-p/2918699#M36434 BTinNC 2019-03-11T06:42:58Z https://community.cisco.com/t5/network-access-control/enabling-dhcp-snooping-for-profiling-without-blocking-dhcp/m-p/2918700#M36442 <P>Hi Brian-</P> <P>If you want to use DHCP Snooping then you must define the trusted ports. Otherwise, as you have already mentioned, your clients will not get addresses from DHCP.&nbsp;</P> <P>With that being said, what are your concerns with enabling trust interfaces?</P> <P><EM>Thank you for rating helpful posts!</EM></P> Sat, 30 Apr 2016 18:16:56 GMT https://community.cisco.com/t5/network-access-control/enabling-dhcp-snooping-for-profiling-without-blocking-dhcp/m-p/2918700#M36442 nspasov 2016-04-30T18:16:56Z