DHCP Snooping trusting question

ElQueue
Level 1

I'm studying for my Cisco Security exam and it's going deeper into detail on its decision making process (pretty simple) but I'm not seeing how to make it trust itself, or if it does by default. What I mean is, I can understand that it was intended to be used on a device that is CONNECTED to a DHCP server, and to trust the PORT it's attached to, and that it's enabled PER VLAN, but then it just moves on without addressing "What if the switch that has DHCP Snooping enabled IS the DHCP server?" And I haven't been able to get an answer from Google or these boards. So the question is, if the switch is giving out DHCP addresses on all but one VLAN, do I have to establish trust somewhere, and if so, how do I do that? Or am I forced to have an external DHCP server if I'm running DHCP Snooping?

 

If it helps, I'm using a WS-C3750-24P switch with L3 routing enabled, running IOS 12.2(55)

2 Replies

balaji.bandi
Hall of Fame

Yes, you can use the same device to act as the DHCP server. If you want to source DHCP from an external server, use a DHCP helper address pointing to the external DHCP server.

BB


Just to clarify, you're saying that the switch automatically trusts itself and doesn't filter DHCP traffic originating from its own server?
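
Added example, not part of the original thread or taken from either poster: an IOS configuration for the scenario discussed, with the switch serving DHCP on one VLAN and relaying another VLAN to an external server. All VLAN IDs, addresses and interface names are constructed. It assumes that replies from the switch's own DHCP server never arrive on a switch port, so no trust statement is configured for them, and only the port facing the external server is trusted.

```cisco
! Constructed example: VLAN IDs, addresses and interface names are assumptions.
! Snooping is enabled globally, then per VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10,30,99
!
! VLAN 10: leases come from the switch's own DHCP server.
! No "ip dhcp snooping trust" is configured for this case (assumption:
! locally generated replies do not ingress on any port).
ip dhcp excluded-address 10.0.10.1 10.0.10.10
ip dhcp pool VLAN10
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
! VLAN 30: the one VLAN not served locally; requests are relayed
! to the external server in VLAN 99.
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip helper-address 10.0.99.5
!
interface Vlan99
 ip address 10.0.99.1 255.255.255.0
!
! Port facing the external DHCP server: the only trusted port.
interface GigabitEthernet1/0/1
 description External DHCP server 10.0.99.5
 switchport mode access
 switchport access vlan 99
 ip dhcp snooping trust
!
! Client access ports stay untrusted (the default); server messages
! received on them are dropped. Rate limiting is optional.
interface FastEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! Verification from privileged EXEC:
!  show ip dhcp snooping          (enabled VLANs, trusted ports, rate limits)
!  show ip dhcp snooping binding  (leases learned on untrusted ports)
```

If clients in VLAN 10 obtain leases and appear in the binding table with no trusted port configured for that VLAN, the switch is not filtering its own server's replies.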