So my core switches are configured to be DHCP servers on my LAN.
Recently I suffered a problem with an external DHCP server being plugged into my network - not malicious, just a mistake.
So I thought I'd look into DHCP snooping, but everything I read says to configure the ports leading to the DHCP server as trusted - how can I do that when it's the core switch?
If the switch is the DHCP server then the ports don't need to be trusted; the switch is generating the DHCP messages, so there's no requirement for it to trust them like an external DHCP server or non-Cisco switch that's generating them.
If your end-users are connected directly to your core switches, you don't need DHCP snooping because it's your switches directly which deliver DHCP frames.
If you have access switches linked to your core switches, then you can start to think about implementing DHCP Snooping.
Basically, you'll have to trust your uplink on your access switches (the link from your access switches to your core switches) and leave your access ports as untrusted.
Apologies - hadn't refreshed the page - I can see this has already been stated!
There is always a chance a rogue DHCP server is introduced via the access switches, so DHCP snooping wouldn't be applied just on the core; you should apply it on the access switches also, and that means trusting the interconnects to the core.
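
The access-switch setup described in the replies above, as an added example that is not part of the original thread. It assumes Cisco IOS syntax; VLAN 10 and the interface names are hypothetical placeholders to adapt to your own layout.

```cisco
! Access switch - constructed example, not taken from the thread.
! Assumptions: user VLAN is 10, Gi1/0/48 is the uplink to the core switch
! (the DHCP server), Gi1/0/1-47 are end-user ports.
!
! Enable DHCP snooping globally, then per VLAN. Nothing is filtered
! until a VLAN is listed here.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! By default snooping inserts option 82 into client requests. An IOS
! switch acting as DHCP server commonly drops requests that carry
! option 82 with a zero giaddr, so disable insertion here (the
! alternative is "ip dhcp relay information trust-all" on the core).
no ip dhcp snooping information option
!
! Uplink toward the core: the only port where DHCP server replies
! (OFFER/ACK) are legitimate, so it is the only trusted port.
interface GigabitEthernet1/0/48
 description Uplink to core (DHCP server)
 ip dhcp snooping trust
!
! End-user ports stay untrusted (the default): server replies arriving
! on them are dropped, which stops a mistakenly plugged-in DHCP server.
! The rate limit (packets per second) bounds DHCP floods from a host.
interface range GigabitEthernet1/0/1 - 47
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! Verification from exec mode:
!   show ip dhcp snooping           (enabled VLANs, trusted ports, rate limits)
!   show ip dhcp snooping binding   (MAC/IP/port leases learned via the uplink)
```

If clients stop receiving leases after enabling this, check the option 82 setting and confirm the uplink shows as trusted in `show ip dhcp snooping`.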