DHCP Snooping to prevent rogue attacks

Vinayaka Raman
Level 1

Existing configuration:

CORE SWITCH 1

Interface Vlan 3

Ip address 10.62.252.252 255.255.255.0

Ip address 100.179.22.252  255.255.255.0 secondary

Ip helper-address 10.62.252.5  <local dhcp server>

Ip helper-address 10.66.10.10  <located in remote site>

CORE SWITCH 2

Interface Vlan 3

Ip address 10.62.252.253 255.255.255.0

Ip address 100.179.22.253 255.255.255.0 secondary

Ip helper-address 10.62.252.5

Ip helper-address 10.66.10.10


Proposed Configuration:

For the attached topology, I wanted to enable DHCP snooping to prevent rogue DHCP attacks.

Access Switch 1 to 5:


AccessSwitch(config)# ip dhcp snooping

AccessSwitch(config)# ip dhcp snooping vlan 3

Under all the uplinks:

AccessSwitch(config-if)# ip dhcp snooping trust

Core\Distribution Switch 1 and 2:

CoreSwitch1(config)# Interface fa 0/1

CoreSwitch1(config-if)# ip dhcp snooping trust

CoreSwitch1(config)# ip dhcp snooping

CoreSwitch1(config)# ip dhcp snooping vlan 3

CoreSwitch1(config)# int vlan 3

CoreSwitch1(config-if)# ip dhcp relay information trusted

CoreSwitch1(config)# interface po 1

CoreSwitch1(config-if)# ip dhcp snooping trust

CoreSwitch2(config)# ip dhcp snooping

CoreSwitch2(config)# ip dhcp snooping vlan 3

CoreSwitch2(config)# int vlan 3

CoreSwitch2(config-if)# ip dhcp relay information trusted

CoreSwitch2(config)# interface po 1

CoreSwitch2(config-if)# ip dhcp snooping trust

and enable trust on the uplinks from the core to the access switches.

Now, since the secondary DHCP server is at a remote site and is reached over the WAN cloud, should I enable trust on the uplinks to my MPLS and DSL routers as well?

I wanted to know if any changes or additional configuration are required.

Regards Vinayak

Vinayaka Raman
Level 1

Also, should I enable ip dhcp snooping information option allow-untrusted on core switches 1 and 2?

Regards Vinayak
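As an added example (not part of this thread, and not Cisco's tooling), here is a small Python audit that checks a saved IOS-style running-config for the DHCP snooping elements the proposed configuration above relies on: snooping enabled globally, the client VLAN in the snooping VLAN list, `ip dhcp snooping trust` present only on the ports the engineer has decided are uplinks toward the DHCP path, and `ip dhcp relay information trusted` on any SVI that carries `ip helper-address`. The sample config text, the interface names, and the set of "expected trusted uplinks" are constructed assumptions for the example; the audit does not decide which ports (WAN-facing or otherwise) should be trusted, it only flags where the config deviates from the design you give it.

```python
import re

# Constructed sample running-config (not from the thread), shaped like the
# core switch in the post: snooping on VLAN 3, a few uplinks, one SVI with helpers.
# Interface names and the "which ports are uplinks" expectation are assumptions.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 3
!
interface FastEthernet0/1
 description uplink to AccessSwitch1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/2
 description uplink to AccessSwitch2 (trust forgotten)
 switchport mode trunk
!
interface FastEthernet0/24
 description user port (must stay untrusted)
 switchport access vlan 3
 ip dhcp snooping trust
!
interface Port-channel1
 description link to CoreSwitch2
 switchport mode trunk
 ip dhcp snooping trust
!
interface Vlan3
 ip address 10.62.252.252 255.255.255.0
 ip helper-address 10.62.252.5
 ip helper-address 10.66.10.10
!
"""


def parse_config(text):
    """Split an IOS-style config into global commands and per-interface commands.

    Interface names keep their original spelling; command lines are lower-cased
    so comparisons are case-insensitive (IOS accepts either case).
    """
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        m = re.match(r"^interface\s+(\S+)", line, re.IGNORECASE)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip().lower())
        else:
            current = None
            global_lines.append(line.strip().lower())
    return global_lines, interfaces


def snooping_vlans(global_lines):
    """Return the set of VLAN ids covered by 'ip dhcp snooping vlan ...' (lists and ranges)."""
    vlans = set()
    for line in global_lines:
        m = re.match(r"^ip dhcp snooping vlan\s+(\S+)$", line)
        if not m:
            continue
        for part in m.group(1).split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit(text, client_vlans, expected_trusted):
    """Return a list of findings; an empty list means the config matches the intended design."""
    global_lines, interfaces = parse_config(text)
    findings = []
    if "ip dhcp snooping" not in global_lines:
        findings.append("global: 'ip dhcp snooping' is not enabled")
    covered = snooping_vlans(global_lines)
    for vlan in sorted(client_vlans):
        if vlan not in covered:
            findings.append(f"global: VLAN {vlan} is not in the snooping VLAN list")
    for name, lines in interfaces.items():
        trusted = "ip dhcp snooping trust" in lines
        if trusted and name not in expected_trusted:
            # Trust is the exception, so every trusted port must be a deliberate uplink.
            findings.append(f"{name}: trusted but not a known uplink (server replies would be accepted here)")
        if not trusted and name in expected_trusted:
            findings.append(f"{name}: uplink toward the DHCP path is untrusted (legitimate offers would be dropped)")
        has_helper = any(l.startswith("ip helper-address ") for l in lines)
        if has_helper and "ip dhcp relay information trusted" not in lines:
            # The thread's proposal adds this under the SVI that relays for the snooping VLAN.
            findings.append(f"{name}: relays DHCP but lacks 'ip dhcp relay information trusted'")
    return findings


if __name__ == "__main__":
    uplinks = {"FastEthernet0/1", "FastEthernet0/2", "Port-channel1"}
    for finding in audit(SAMPLE_CONFIG, {3}, uplinks):
        print(finding)
```

Run it against a config pulled with `show running-config`; the `expected_trusted` set is exactly the design decision the thread is asking about (which uplinks, including or excluding the ports toward the MPLS and DSL routers, carry legitimate server replies), so the audit reports drift from that decision after changes rather than making the decision for you.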