Application environment of trusted ports, Configuring trusted ports in a cascaded network – H3C Technologies H3C S12500 Series Switches User Manual

75

Application environment of trusted ports

Configuring a trusted port connected to a DHCP server

Figure 35 Trusted port configuration

As shown in

Figure 35

, the trusted port forwards reply messages from the DHCP server to the client, but

the untrusted port connected to the unauthorized DHCP server cannot forward any reply messages. This

makes sure the DHCP client can obtain an IP address from the authorized DHCP server.

Configuring trusted ports in a cascaded network

In a cascaded network involving multiple DHCP snooping devices, the ports connected to other DHCP
snooping devices should be configured as trusted ports.
To save system resources, you can disable the trusted ports, which are not directly connected to DHCP

clients, from recording clients' IP-to-MAC bindings upon receiving DHCP requests.

Figure 36 Configuring trusted ports in a cascaded network

Trusted port disabled from recording binding entries

DHCP snooping

Switch A

DHCP snooping

Switch C

DHCP client

Host D

DHCP client

Host C

DHCP client

Host B

DHCP server

Device

DHCP snooping

Switch B

GE3/0/4

GE3/0/2

GE3/0/3

GE3/0/1

GE3/0/2

GE3/0/3

GE3/0/4

GE3/0/2

GE3/0/1

GE3/0/3

GE3/0/1

DHCP client

Host A

GE3/0/1

Untrusted port

Trusted port enabled to record binding entries