Application environment of trusted ports
Configuring a trusted port connected to a DHCP server
a.Configure trusted and untrusted ports
As shown in a, a DHCP snooping device’s port that is connected to an authorized DHCP server should be configured as a trusted port to forward reply messages from the DHCP server, so that the DHCP client can obtain an IP address from the authorized DHCP server.
Configuring trusted ports in a cascaded network
In a cascaded network involving multiple DHCP snooping devices, the ports connected to other DHCP snooping devices should be configured as trusted ports.
To save system resources, you can disable the trusted ports, which are indirectly connected to DHCP clients, from recording clients’
a.Configure trusted ports in a cascaded network
|
|
|
|
|
|
|
|
|
|
|
|
DHCP client |
|
|
|
|
|
|
|
|
| ||
| Host A | DHCP snooping |
|
|
| DHCP server | |||||
|
|
| Switch A | GE1/0/1 |
|
| |||||
|
|
| GE1/0/1 |
|
| GE1/0/2 | GE1/0/4 | GE1/0/2 | GE1/0/1 | ||
|
|
|
|
|
|
|
|
|
|
| |
DHCP client | GE1/0/3 |
|
| GE1/0/3 | DHCP snooping | ||||||
|
| ||||||||||
| Host B |
|
|
|
|
|
| Switch C |
|
| |
|
|
|
|
|
|
|
|
|
| ||
|
|
| GE1/0/1 |
|
|
|
|
|
|
| |
|
|
| GE1/0/4 |
| GE1/0/2 |
|
|
|
|
| |
DHCP client | GE1/0/3 |
| snooping |
|
|
|
| ||||
| Switch B |
|
|
|
| ||||||
| Host C |
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
| Untrusted ports | ||
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
| Trusted ports disabled from recording binding entries | ||
DHCP client |
|
|
|
|
|
| Trusted ports enabled to record binding entries | ||||
| Host D |
|
|
|
|
|
|
|
|
| |
289