DHCP Snooping when using Switches' DHCP Server

Charles Rayer
Level 1

Hi All,

So my core switches are configured to be DHCP servers on my LAN.

Recently I suffered a problem with an external DHCP server being plugged into my network - not malicious, just a mistake.

So I thought I'd look into DHCP snooping, but everything I read says to configure the ports leading to the DHCP server as trusted - how can I do that when it's the core switch?

3 Replies

Mark Malone
VIP Alumni

Hi

If the switch is the DHCP server then the ports don't need to be trusted. The switch is generating the DHCP messages, so there's no requirement for it to trust them like an external DHCP server or non-Cisco switch that's generating them.

yoann.wolf67
Level 1

If your end-users are connected directly on your core switches, you don't need dhcp snooping because it's your switches directly which deliver DHCP frames.

If you have access switches linked to your core switches, then you can start to think about implementing DHCP Snooping.

Basically, you'll have to trust your uplink on your access switches (the link from your access switches to your core switches) and leave your access ports as untrusted.

Best regards

Yoann

Hello

Apologies - hadn't refreshed the page - I can see this has already been stated!

There is always a chance a rogue DHCP server is introduced via the access switches, so DHCP snooping wouldn't just be applied on the core; you should apply it on the access switches also, and that means trusting the interconnects to the core.

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
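
The access-switch setup the replies describe (trusted uplink to the core, untrusted user ports), as an added example that is not part of the original thread. VLAN 10, the interface names and the rate-limit value are assumptions to adapt.

```cisco
! Access switch. Constructed example: VLAN 10, Gi0/1-24 and the
! rate value are assumptions, not taken from the thread.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! The core switch is the DHCP server itself, not a relay. By default an
! IOS DHCP server drops requests carrying option 82 with giaddr 0.0.0.0,
! so stop the access switch inserting option 82 ...
no ip dhcp snooping information option
! ... or instead, on the core: ip dhcp relay information trust-all
!
interface GigabitEthernet0/24
 description Uplink to core (DHCP server)
 ip dhcp snooping trust
!
interface range GigabitEthernet0/1 - 23
 description User access ports
 ! Ports are untrusted by default: server replies (OFFER/ACK) arriving
 ! here are dropped. The rate limit caps DHCP packets per second.
 ip dhcp snooping limit rate 15
!
! Verify from exec mode:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
```

With this in place, a DHCP server plugged into any user port can no longer hand out leases, because its offers arrive on an untrusted port.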