EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

  • Question
  • Updated 1 month ago
  • Answered
Hi,
Hardware is X450G2, Firmware 22.4.1.4.
I'd like to configure "ip-security dhcp-snooping" on a Layer2 Access Switch for a few VLANs. How do I configure the Uplink Ports to the Layer3 Core Switch where the VLAN IP Interface resides?

For example, if 1:28 is the interswitch link between Access and Core (Uplink), do I only have to configure
"configure trusted-ports 1:28 trust-for dhcp-server"
and that's it for all VLANs?
Or is it necessary to additionally configure
"enable ip-security dhcp-snooping vlan VLAN10 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN11 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN15 port 1:28 violation-action none"
for every VLAN where DHCP Snooping is enabled?

I'm asking due to https://extremeportal.force.com/ExtrArticleDetail?n=000008860&q=exos%20dhcp%20snooping
NOTE: Please ensure that ip-security dhcp-snooping is enabled on the port where the DHCP traffic is expected to ingress / egress the switch and ensure that the violation-action is set to none

Thanks,
Marcus

Marcus Mathuni


Posted 6 months ago


David Coglianese, Embassador

The following is my understanding of what is needed. I am looking for confirmation of that though.

#Enable dhcp-snooping and configure the desired action for each VLAN

enable ip-security dhcp-snooping vlan black ports all violation-action drop-packet block-mac permanently

#Configure upstream ports as trusted for dhcp

configure trusted-ports 1:49,2:49 trust-for dhcp-server
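
The following is an added example, not part of either post and not Extreme's own tooling: a small offline check that reads saved EXOS configuration lines in the two command forms quoted in this thread and reports any uplink that falls under a snooping rule with a drop action without being listed in `configure trusted-ports ... trust-for dhcp-server`. The sample configuration, the uplink list passed in, and the `slot:first-last` port range form are assumptions.

```python
import re

# Constructed sample config (not from a real switch); VLAN and port names are assumptions.
SAMPLE_CONFIG = """\
enable ip-security dhcp-snooping vlan VLAN10 ports all violation-action drop-packet block-mac permanently
enable ip-security dhcp-snooping vlan VLAN11 ports 1:1-24 violation-action drop-packet
configure trusted-ports 1:28 trust-for dhcp-server
"""

SNOOP = re.compile(r"enable ip-security dhcp-snooping vlan (\S+) ports? (\S+) violation-action (.+)")
TRUST = re.compile(r"configure trusted-ports (\S+) trust-for dhcp-server")

def expand_ports(spec):
    """Expand a port list such as '1:49,2:49' or '1:1-24' into a set; 'all' stays symbolic."""
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+):(\d+)-(\d+)", item)
        if m:  # slot:first-last range within one slot
            ports.update(f"{m.group(1)}:{n}" for n in range(int(m.group(2)), int(m.group(3)) + 1))
        else:  # single port, or the keyword 'all'
            ports.add(item)
    return ports

def audit(config, uplinks):
    """List uplinks that are snooped with a drop action but not trusted for dhcp-server."""
    snooped, trusted = [], set()
    for line in map(str.strip, config.splitlines()):
        if m := SNOOP.fullmatch(line):
            snooped.append((m.group(1), expand_ports(m.group(2)), m.group(3).strip()))
        elif m := TRUST.fullmatch(line):
            trusted |= expand_ports(m.group(1))
    findings = []
    for up in sorted(uplinks):
        if up in trusted or "all" in trusted:
            continue  # trusted for dhcp-server, nothing to report
        for vlan, ports, action in snooped:
            if (up in ports or "all" in ports) and action != "none":
                findings.append(f"{vlan}: uplink {up} snooped with '{action}' but not trusted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"1:28"}) or ["uplink 1:28: OK"]:
        print(finding)
```

A rule with `violation-action none` is never reported, so a configuration in the per-VLAN form from the question passes the check as well.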