Hey,
I want to configure DHCP snooping on some new 3850s we just deployed.
1: If I enable DHCP snooping, and enable it on the VLANs on the switch, this will make all interfaces untrusted, correct?
2: If I want clients to still get DHCP replies I must configure the uplinks(where the DHCP replies will come from) as trusted before I configure DHCP snooping? Or, are trunks trusted ports by default? I ask this because I have a 3750X in production that has DHCP snooping configured and a trunk on the switch is not configured as trusted, but it still gives DHCP addresses to laptops that hang off of the trunk(the trunk connects to a 3560 in a conference room) ..................just realized that the 3560 does not have DHCP snooping enabled so it will except DHCP replies from the 3750X trunk - make sense?
3: The switch that currently has DHCP snooping enabled is configured as a L3 switch(the uplinks to the core are L3 interfaces).These L3 interfaces are not configured as trusted, but DHCP is still working for clients attached to the switch. Is this because the DHCP snooping-Trusted-Not-Trusted function is only related to L2 interfaces ? Which makes sense since it is applied to VLANs.
Thanks for your help - Pat