Ip dhcp snooping trust, Ip dhcp snooping trust (666) – Microsens MS453490M Management Guide User Manual


CHAPTER 25 | General Security Measures

DHCP Snooping

When DHCP snooping is globally disabled, DHCP snooping can still be configured for specific VLANs, but the changes will not take effect until DHCP snooping is globally re-enabled.

When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects:

If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table.

EXAMPLE

This example enables DHCP snooping for VLAN 1.

Console(config)#ip dhcp snooping vlan 1
Console(config)#

RELATED COMMANDS

ip dhcp snooping (661)
ip dhcp snooping trust (666)

ip dhcp snooping trust

This command configures the specified interface as trusted. Use the no form to restore the default setting.

SYNTAX

[no] ip dhcp snooping trust

DEFAULT SETTING

All interfaces are untrusted

COMMAND MODE

Interface Configuration (Ethernet, Port Channel)

COMMAND USAGE

A trusted interface is an interface that is configured to receive only messages from within the network. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall.

Set all ports connected to DHCP servers within the local network or firewall to trusted, and all other ports outside the local network or firewall to untrusted.

When DHCP snooping is enabled globally using the ip dhcp snooping command, and enabled on a VLAN with the ip dhcp snooping vlan command, DHCP packet filtering will be performed on any untrusted ports within the VLAN according to the default status, or as specifically configured for an interface with the no ip dhcp snooping trust command.
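An added example, not taken from the Microsens guide: a Python check that reads a saved configuration and reports the VLANs on which snooping is actually in effect, plus any interface whose trust setting differs from an expected list of DHCP server ports. The sample configuration is constructed, and the `interface ethernet <unit>/<port>` stanza layout and the function name `audit_dhcp_snooping` are assumptions.

```python
import re

# Constructed sample running-config. The command names come from this page;
# the "interface ethernet <unit>/<port>" stanza layout is an assumption.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 1
ip dhcp snooping vlan 20
!
interface ethernet 1/1
 ip dhcp snooping trust
!
interface ethernet 1/2
!
interface ethernet 1/7
 ip dhcp snooping trust
!
"""

def audit_dhcp_snooping(config, expected_trusted):
    """Return (effective_vlans, unexpected_trusted, missing_trusted)."""
    globally_enabled = False
    vlans, trusted, current_if = set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):
            # A non-indented line ends any open interface stanza.
            m = re.fullmatch(r"interface\s+(.+)", line)
            current_if = m.group(1) if m else None
        if line == "ip dhcp snooping":
            globally_enabled = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan (\d+)", line):
            vlans.add(int(m.group(1)))
        elif line == "ip dhcp snooping trust" and current_if:
            trusted.add(current_if)
    # Per-VLAN settings only take effect while snooping is globally enabled.
    effective = vlans if globally_enabled else set()
    expected = set(expected_trusted)
    # Interfaces default to untrusted, so anything trusted but not expected
    # is a port where DHCP packet filtering has been switched off.
    return effective, trusted - expected, expected - trusted

if __name__ == "__main__":
    print(audit_dhcp_snooping(SAMPLE_CONFIG, ["ethernet 1/1"]))
```
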
