Automation of IP DHCP Snooping configuration - Where is the real DHCP

dal (Level 3)

Hi.

I wanted to create a Python script for automating the configuration of DHCP snooping on our switches.

But all switches are not configured equally, and the uplink port towards the real DHCP server (the switchport where ip dhcp snooping trust needs to be configured) varies from switch to switch.

So how can we determine on what switchport traffic to the DHCP server leaves the switch?

Earlier it was possible to ping the DHCP server from the switch, and an entry would appear in the ARP table of the switch, but this is no longer the case.

Use the gateway address of the management IP maybe?

Any tips?

Thanks

3 Replies

M02@rt37 (VIP)

Hello @dal

One approach is to leverage the gateway address of the management IP on the switch.

If the management IP is in the same subnet as the DHCP server, the gateway will be the next hop for traffic to the DHCP server. By checking the routing table for the gateway, you can identify the interface leading to it. From there, use the MAC address table to map the gateway's MAC address to the physical switchport. This is a straightforward way to determine the uplink port.

Another option is to trace the path of a DHCP request. Enable DHCP snooping globally on the switch without configuring any trusted ports. Then, generate a test DHCP request from a client in a controlled VLAN. Afterward, check the binding table to confirm the DHCP server's response and use the MAC address table or neighbor discovery protocols like CDP/LLDP to trace the server's MAC address back to the uplink port.

If the DHCP server is connected through another switch, you can use CDP/LLDP to identify the uplink port toward the next hop. Cross-reference this information with your network topology to pinpoint the exact port leading to the DHCP server.

In cases where the switch supports pinging the DHCP server, you can use the ARP table to locate the MAC address of the DHCP server and map it to a physical interface. However, if the switch no longer allows pinging the DHCP server, alternative methods like tracing the management gateway or DHCP traffic are more reliable.

Once you have identified the uplink port, your script can configure it as trusted for DHCP snooping. Using Python libraries like Netmiko, you could automate the retrieval of routing, ARP, and MAC address table data, process it to identify the uplink port, and apply the necessary configuration commands.


Best regards
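The first method in the reply above (routing table to next hop, ARP table to MAC, MAC address table to port, then push the trust config) as a worked script. This is an added example, not code from the original poster or from Cisco: the `show` outputs, IP addresses, MAC addresses and port names are constructed samples in IOS format, and the `push_config` function is a hypothetical Netmiko wrapper that is only used when you call it with your own device parameters. It goes slightly beyond the reply in that it does a longest-prefix match on the routing table, so it handles both the case where the DHCP server sits behind the management gateway (ARP for the gateway) and the case where it is in a directly connected subnet (ARP for the server itself).

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample outputs modelled on Cisco IOS "show ip route",
# "show ip arp" and "show mac address-table". Not captured from a real device.
SHOW_IP_ROUTE = """\
Gateway of last resort is 10.10.20.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.10.20.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.20.0/24 is directly connected, Vlan20
L        10.10.20.15/32 is directly connected, Vlan20
"""
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.20.1              5   0011.2233.4455  ARPA   Vlan20
Internet  10.10.20.15             -   aabb.ccdd.0001  ARPA   Vlan20
"""
SHOW_MAC = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4455    DYNAMIC     Gi1/0/48
  20    aabb.ccdd.1234    DYNAMIC     Gi1/0/5
Total Mac Addresses for this criterion: 2
"""

CISCO_MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Route lines: "<code> <prefix> [ad/metric] via <ip>" or "<code> <prefix> is directly connected, ..."
ROUTE_RE = re.compile(
    r"^\S+\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[\S+\]\s+via\s+(?P<via>\d+\.\d+\.\d+\.\d+)|is directly connected)"
)
ARP_RE = re.compile(rf"^Internet\s+(?P<ip>\S+)\s+\S+\s+(?P<mac>{CISCO_MAC})")
MAC_RE = re.compile(rf"^\s*(?P<vlan>\d+)\s+(?P<mac>{CISCO_MAC})\s+\S+\s+(?P<port>\S+)")


def next_hop_for(dest, show_ip_route):
    """Longest-prefix match over the routing table. Returns the next-hop IP,
    or the destination itself when it lies in a directly connected subnet
    (in that case the server, not a gateway, is the ARP target)."""
    dest = ip_address(dest)
    best = None
    for line in show_ip_route.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        net = ip_network(m["prefix"], strict=False)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, m["via"])
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1] or str(dest)


def arp_lookup(ip, show_ip_arp):
    """MAC address for an IP from 'show ip arp', or None if not resolved."""
    for line in show_ip_arp.splitlines():
        m = ARP_RE.match(line)
        if m and m["ip"] == ip:
            return m["mac"]
    return None


def mac_port(mac, show_mac):
    """Port (or port-channel) a MAC was learned on, from 'show mac address-table'."""
    for line in show_mac.splitlines():
        m = MAC_RE.match(line)
        if m and m["mac"] == mac.lower():
            return m["port"]
    return None


def find_uplink(dhcp_server, show_ip_route, show_ip_arp, show_mac):
    """Chain the three lookups; raise with a hint if a hop is missing."""
    hop = next_hop_for(dhcp_server, show_ip_route)
    mac = arp_lookup(hop, show_ip_arp)
    if mac is None:
        raise LookupError(f"{hop} not in ARP table; ping it from the switch first")
    port = mac_port(mac, show_mac)
    if port is None:
        raise LookupError(f"{mac} not in MAC address table")
    return port


def snooping_config(vlans, uplink):
    """IOS config lines: enable snooping, scope it to VLANs, trust only the uplink."""
    cmds = ["ip dhcp snooping"]
    cmds += [f"ip dhcp snooping vlan {v}" for v in vlans]
    cmds += [f"interface {uplink}", "ip dhcp snooping trust"]
    return cmds


def push_config(device, dhcp_server, vlans):
    """Live variant (hypothetical wrapper): collect the tables over SSH with
    Netmiko, work out the uplink, apply and save. `device` is the kwargs dict
    for netmiko.ConnectHandler; requires the netmiko package."""
    from netmiko import ConnectHandler
    with ConnectHandler(**device) as conn:
        tables = [conn.send_command(c) for c in
                  ("show ip route", "show ip arp", "show mac address-table")]
        uplink = find_uplink(dhcp_server, *tables)
        output = conn.send_config_set(snooping_config(vlans, uplink))
        conn.save_config()
    return uplink, output


if __name__ == "__main__":
    # Offline run against the constructed samples.
    port = find_uplink("192.168.100.10", SHOW_IP_ROUTE, SHOW_IP_ARP, SHOW_MAC)
    print("uplink:", port)
    print("\n".join(snooping_config([20], port)))
```

Two checks worth keeping in the script before it trusts anything. If `mac_port` returns a port-channel (for example `Po1`), trust the port-channel, not a member link. On a Layer 2 switch that uses `ip default-gateway` rather than a routing table, `show ip route` has no `via` line, so take the gateway from `show running-config | include ip default-gateway` and feed it straight to `arp_lookup`.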


You can tell which port connects to the server by checking the type of message.

MHM

Excellent.

But how to check the type of message?

Thanks