Ip dhcp snooping trust, No ip dhcp snooping trust, Ip dhcp snooping trust (4-181) – LevelOne FGL-2870 User Manual

Page 547

Advertising
background image

General Security Measures

4-181

4

packet filtering will be performed on any untrusted ports within the VLAN as
specified by the ip dhcp snooping trust command (page 4-181).

• When the DHCP snooping is globally disabled, DHCP snooping can still be

configured for specific VLANs, but the changes will not take effect until DHCP
snooping is globally re-enabled.

• When DHCP snooping is globally enabled, configuration changes for specific

VLANs have the following effects:
- If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for

this VLAN are removed from the binding table.

Example
This example enables DHCP snooping for VLAN 1.

Related Commands

ip dhcp snooping (4-179)
ip dhcp snooping trust (4-181)

ip dhcp snooping trust

This command configures the specified interface as trusted. Use the no form to
restore the default setting.

Syntax

[no] ip dhcp snooping trust

Default Setting

All interfaces are untrusted

Command Mode

Interface Configuration (Ethernet, Port Channel)

Command Usage

• A trusted interface is an interface that is configured to receive only messages

from within the network. An untrusted interface is an interface that is
configured to receive messages from outside the network or fire wall.

• Set all ports connected to DHCP servers within the local network or fire wall

to trusted, and all other ports outside the local network or fire wall to untrusted.

• When DHCP snooping ia enabled globally using the ip dhcp snooping

command (page 4-179), and enabled on a VLAN with ip dhcp snooping vlan
command (page 4-180), DHCP packet filtering will be performed on any
untrusted ports within the VLAN according to the default status, or as
specifically configured for an interface with the no ip dhcp snooping trust
command.

• When an untrusted port is changed to a trusted port, all the dynamic DHCP

snooping bindings associated with this port are removed.

Console(config)#ip dhcp snooping vlan 1
Console(config)#

Advertising
Popular Brands
Popular manuals