DHCP S
NOOPING
C
OMMANDS
4-305
ip dhcp snooping trust (4-305)
ip dhcp snooping trust
This command configures the specified interface as trusted. Use the no
form to restore the default setting.
Syntax
[no] ip dhcp snooping trust
Default Setting
All interfaces are untrusted
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• An untrusted interface is an interface that is configured to receive
messages from outside the network or firewall. A trusted interface is
an interface that is configured to receive only messages from within
the network.
• When DHCP snooping enabled globally using the ip dhcp snooping
command (page -301), and enabled on a VLAN with this command,
DHCP packet filtering will be performed on any untrusted ports
within the VLAN according to the default status, or as specifically
configured for an interface with the no ip dhcp snooping trust
command.
• When an untrusted port is changed to a trusted port, all the dynamic
DHCP snooping bindings associated with this port are removed.
• Additional considerations when the switch itself is a DHCP client – The port(s)
through which it submits a client request to the DHCP server must be
configured as trusted.
Example
This example sets port 5 to untrusted.
Console(config)#interface ethernet 1/5
Console(config-if)#no ip dhcp snooping trust
Console(config-if)#
To Next Page
Loading...
Need help?
General
