Filter
Top Products
User’s Manual of SGSD-1022 / SGSD-1022P
SGSW-2840 / SGSW-2840P
489
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
A trusted interface is an interface that is configured to receive only messages from within the network. An untrusted
interface is an interface that is configured to receive messages from outside the network or firewall.
Set all ports connected to DHCP servers within the local network or firewall to trusted, and all other ports outside the local
network or firewall to untrusted.
When DHCP snooping ia enabled globally using the ip dhcp snooping command (page 4-146), and enabled on a VLAN
with ip dhcp snooping vlan command (page 4-148), DHCP packet filtering will be performed on any untrusted ports within
the VLAN according to the default status, or as specifically configured for an interface with the no ip dhcp snooping trust
command.
When an untrusted port is changed to a trusted port, all the dynamic DHCP snooping bindings associated with this port
are removed.
Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request to
the DHCP server must be configured as trusted.
Example
This Example sets port 5 to untrusted.
Console(config)#interface ethernet 1/5
Console(config-if)#no ip dhcp snooping trust
Console(config-if)#
Related Commands
ip dhcp snooping
ip dhcp snooping vlan
ip dhcp snooping verify mac-address
This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the
Ethernet header. Use the no form to disable this function.
Syntax
[no] ip dhcp snooping verify mac-address
Default Setting
Enabled
Command Mode
Global Configuration