08-02-2016 09:12 AM - edited 03-08-2019 06:51 AM
Hi All,
So my core switches are configured to be DHCP servers on my LAN.
Recently I suffered a problem with an external DHCP server being plugged into my network - not malicious, just a mistake.
So I thought I'd look into DHCP snooping, but everything I read says to configure the ports leading to the DHCP server as trusted - how can I do that when it's the core switch?
08-02-2016 09:54 AM
Hi
If the switch is the DHCP server then the ports don't need to be trusted. The switch is generating the DHCP messages, so there is no requirement for it to trust them like an external DHCP server or non-Cisco switch that's generating them.
08-02-2016 11:47 PM
If your end-users are connected directly on your core switches, you don't need dhcp snooping because it's your switches directly which deliver DHCP frames.
If you have access switches linked to your core switches, then you can start to think about implementing DHCP Snooping.
Basically, you'll have to trust your uplink on your access switches (the link from your access switches to your core switches) and leave your access ports as untrusted.
Best regards
Yoann
08-03-2016 12:54 AM
Hello
Apologies - hadn't refreshed the page - I can see this has already been stated!
There is always a chance a rogue DHCP server is introduced by the access switches, so DHCP snooping wouldn't be just applied on the core. You should apply it on the access switches also, and that means trusting the interconnects to the core.
res
Paul
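The access-switch setup the replies above describe (uplink to the core trusted, user ports left untrusted), as an added example that is not from any of the posters. VLAN 10, the interface names and the rate limit of 15 packets per second are assumptions to adapt to the actual switch.

```cisco
! Access switch. Constructed example: VLAN 10, port numbering and the
! 15 pps limit are assumptions, not values from the thread.

! Enable snooping globally, then on each user VLAN. Nothing is inspected
! until both commands are present.
ip dhcp snooping
ip dhcp snooping vlan 10

! The core here is the DHCP server itself, not a relay. With option 82
! insertion left on, requests reach it carrying option 82 and giaddr 0.0.0.0,
! which an IOS DHCP server drops by default. Turn insertion off on the
! access switch (the alternative is "ip dhcp relay information trust-all"
! on the core).
no ip dhcp snooping information option

! Uplink to the core: the only port allowed to carry DHCP server replies
! (OFFER/ACK).
interface GigabitEthernet1/0/48
 description Uplink to core (DHCP server)
 ip dhcp snooping trust

! User ports stay untrusted, which is the default, so a DHCP server plugged
! in here has its replies dropped. The rate limit err-disables a port that
! floods DHCP packets.
interface range GigabitEthernet1/0/1 - 47
 description End-user access ports
 ip dhcp snooping limit rate 15

! Bring rate-limited ports back automatically instead of waiting for a
! manual shut / no shut.
errdisable recovery cause dhcp-rate-limit

! Verification (exec mode):
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show ip dhcp snooping statistics
```

On a stack of access switches, every inter-switch link that leads toward the core needs `ip dhcp snooping trust`, otherwise legitimate replies are dropped on the way down.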