We want to enable DHCP snooping on one of our sites, we have a core switch and lots of edge plugged into this, the DHCP server is over the WAN, do we just need to set the port that the WAN router plugs into and the uplinks to the switches as trusted? we have had some issues where DHCP snooping breaks DHCP in the past so were reluctant to enable it again.
DHCP snooping is not active until you enable the feature on at least one VLAN, and enable DHCP globally on the switch.
Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the DHCP server and the DHCP relay agent are configured and enabled.
If a Layer 2 LAN port is connected to a DHCP server, configure the port as trusted by entering the ip dhcp snooping trust interface configuration command.
If a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the no ip dhcp snooping trust interface configuration command.
In summary...all uplik ports towards to server should be configured as server and all client connected prots should be configured as untrusted.
Best regards ******* If This Helps, Please Rate *******
Hi, Its OK now, I am comfortable with most the answers, I just wanted confirmation when to use the above commands. we have disabled option 82 on the edge ports so should not have any issues
