04-25-2019 10:08 AM
I'm studying for my Cisco Security exam and it's going deeper into detail on its decision making process (pretty simple) but I'm not seeing how to make it trust itself, or if it does by default. What I mean is, I can understand that it was intended to be used on a device that is CONNECTED to a DHCP server, and to trust the PORT it's attached to, and that it's enabled PER VLAN, but then it just moves on without addressing "What if the switch that has DHCP Snooping enabled IS the DHCP server?" And I haven't been able to get an answer from Google or these boards. So the question is, if the switch is giving out DHCP addresses on all but one VLAN, do I have to establish trust somewhere, and if so, how do I do that? Or am I forced to have an external DHCP server if I'm running DHCP Snooping?
If it helps, I'm using a WS-C3750-24P switch with L3 routing enabled, running IOS 12.2(55)
04-25-2019 03:02 PM
yes you can use Same Device act as DHCP Server, if you want to source the DHCP From external, use DHCP help address to external DHCP Server.
04-26-2019 08:49 AM
Just to clarify, you're saying that the switch automatically trusts itself and doesn't filter DHCP traffic originating from its own server?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide