Re: DHCP snooping on 6509 - Page 2

Brunhuber Adrian · ‎02-04-2014

Hi , I have this scenario :

I want to implement DHCP snooping in one site. Let`say I have a single Cat 6509 switch , that acts as a both Core and Access switch and it`s acting also as a DHCP server.

All the devices in the infrastructure are connected to this switch.

How can I implement DHCP snooping , what are the "trusted" ports ?

Thanks for your help.

Brunhuber Adrian · ‎02-04-2014

This sounds interesting , it may be the answer that I`m looking for :

4) if the dhcp server is originating on the switch then no need to applly the trusted command.

JohnTylerPearce · ‎02-04-2014

Pdriver,

That makes sense. I"m assuming that since if an untrusted port on a switch with DHCP Snooping enabled, and enabled for that specific vlan, has a DHCP Broadcast hit that port, it will forward it out all trusted ports, but in theory, since they're arent really any trusted ports, since the DHCP Server is on the switch itself, then the port would just need to be untrusted.

Jon Marshall · ‎02-04-2014

That makes sense.

So it makes sense when someone else says it just not me

Jon

paul driver · ‎02-04-2014

Hello John ( there a lot of johns / jons on this forum dont you think - )

All ports are untrusted by default when DHCP snoping is enabled as you aware and because dhcp DORA's are not orignating from any of them, there is no need to tust any,

That how I remember from testing Snooping/DAI/IPSG it in the past.

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul