Command Line Interface
4-118
4
• When DHCP snooping is globally enabled, configuration changes for specific 
VLANs have the following effects:
- If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for 
this VLAN are removed from the binding table.
Example 
This example enables DHCP snooping for VLAN 1.
Related Command
ip dhcp snooping (4-115)
ip dhcp snooping trust (4-118)
ip dhcp snooping trust
This command configures the specified interface as trusted. Use the no form to 
restore the default setting.
Syntax 
[no] ip dhcp snooping trust
Default Setting 
All interfaces are untrusted
Command Mode 
Interface Configuration (Ethernet, Port Channel)
Command Usage 
• A trusted interface is an interface that is configured to receive only messages 
from within the network. An untrusted interface is an interface that is 
configured to receive messages from outside the network or firewall. 
• Set all ports connected to DHCP servers within the local network or firewall to 
trusted, and all other ports outside the local network or firewall to untrusted.
• When DHCP snooping enabled globally using the ip dhcp snooping 
command (page 4-115), and enabled on a VLAN with ip dhcp snooping vlan 
command (page 4-117), DHCP packet filtering will be performed on any 
untrusted ports within the VLAN according to the default status, or as 
specifically configured for an interface with the no ip dhcp snooping trust 
command.
• When an untrusted port is changed to a trusted port, all the dynamic DHCP 
snooping bindings associated with this port are removed.
• Additional considerations when the switch itself is a DHCP client – The port(s) 
through which it submits a client request to the DHCP server must be 
configured as trusted.
Console(config)#ip dhcp snooping vlan 1
Console(config)#