09-23-2023 11:14 AM
Is it good to have DHCP snooping configured on core switches or not. Just implementati DHCP snooping on access layer switches is fine?
09-23-2023 11:23 AM - edited 09-23-2023 11:25 AM
Hello @pheycel,
It is common and effective to implement DHCP snooping primarily at the access layer switches to secure against DHCP-related attacks. If DHCP servers are at the core, enabling DHCP snooping there provides an additional layer of security, but the core is not the primary location for DHCP snooping implementation. Always tailor your security measures to your specific network design and requirements.
Also please find informtations in a former thread:
https://community.cisco.com/t5/switching/design-questions-for-dhcp-snooping/td-p/1271180
09-23-2023 12:32 PM
thanks
09-23-2023 12:36 PM
You're welcome @pheycel
09-23-2023 11:38 AM - edited 09-23-2023 11:39 AM
On access SW in which your host connect you need to config dhcp snooping in core SW you dont need that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide