Limit trusted-servers DHCP per VLAN

  • Question
  • Updated 1 year ago
  • Answered
Hi,

Was almost reluctant to post this question in fear the answer is likely to be obvious, but I am trying to configure a trusted DHCP server, but I can only see a per VLAN configuration statement (trusted port to one side for now). So my configuration is per below:

configure trusted-servers vlan Stack2_Data add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Mgmt-Stack2 add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Wireless_CorpLaptop add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Security_NW add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Power-Bars add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan AV add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Legacy-Data add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Legacy-Wkstns add server 192.168.200.40 trust-for dhcp-server

When I get to the next line you get the following error:

Slot-1 STK-02.30 # configure trusted-servers vlan Stack2_Voice add server 192.168.200.40 trust-for dhcp-server
ERROR: No more than 8 trusted DHCP servers can be configured across all vlans.

This is because it is seeing each statement as individual DHCP servers even though they all have the same IP?

So my question is if there is a different way to put the command in to achieve what I need, considering I would like to eventually configure two trusted DHCP servers, and have over 8 VLANs?

Perhaps this should just be done via the trusted port method instead, but I suspect something might be wrong with my syntax.

Running a stack of 4 x X440-G2s with version 22.2.1.5

Many thanks.

Martin Flammia

Posted 1 year ago


Karthik Mohandoss, Employee

Hi Martin,

I believe you can use this command instead.
"configure trusted-ports <port #> trust-for dhcp-server"


Usage Guidelines (for the Trusted-servers) from the command reference guide:

If you configure trusted DHCP server, the switch forwards only DHCP packets from the trusted servers.

The switch drops DHCP packets from other DHCP snooping-enabled ports.
You can configure a maximum of eight trusted DHCP servers on the switch.

If you configure a port as a trusted port, the switch assumes that all DHCP server packets on that port are valid.

Bin, Employee

Hello Martin,

Maybe this script could help you.

How to configure DHCP Snooping on EXOS
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-DHCP-Snooping-on-EXOS

Regards,
Bin

David Choi, Employee

Hi Martin,

Your syntax looks fine. The error log occurred because you configured a trusted DHCP server over more than 8 VLANs.

Is the reason that you are going to configure the DHCP server over several VLANs that the trusted DHCP server is connected through an uplink port of this switch, tagged for several VLANs?
If yes, then you may need to use the "Trusted-port" configuration for the uplink port, as you are already considering.

If the trusted DHCP server is directly connected to this switch, then I think you can just configure trusted-servers only on the VLAN where the trusted DHCP server is directly connected.

Regards,
David
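
A pre-deployment check for the limit discussed in this thread, as an added example that is not part of any post or of the vendor's tooling: it counts `configure trusted-servers` statements in a configuration and reports which ones would be refused. It assumes, as the error in the question suggests, that every VLAN/server pair uses one of the eight slots; the function name `audit_trusted_servers` and the sample input (built from the VLAN names in the question) are constructed for illustration.

```python
import re
from collections import defaultdict

MAX_ENTRIES = 8  # limit stated in the thread's error message and usage guidelines
ENTRY_RE = re.compile(
    r"configure\s+trusted-servers\s+vlan\s+(\S+)\s+add\s+server\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+trust-for\s+dhcp-server", re.IGNORECASE)

# Constructed sample: the nine statements from the question, one per VLAN.
VLANS = ["Stack2_Data", "Mgmt-Stack2", "Wireless_CorpLaptop", "Security_NW",
         "Power-Bars", "AV", "Legacy-Data", "Legacy-Wkstns", "Stack2_Voice"]
SAMPLE = "\n".join(
    f"configure trusted-servers vlan {v} add server 192.168.200.40 "
    "trust-for dhcp-server" for v in VLANS)


def audit_trusted_servers(config_text, limit=MAX_ENTRIES):
    """Classify trusted-servers statements against the per-switch limit.

    Assumptions: each distinct (VLAN, server IP) pair consumes one slot even
    when the IP repeats across VLANs, and an exact repeat of a pair consumes
    no additional slot. Lines may carry a CLI prompt prefix.
    """
    accepted, rejected, seen = [], [], set()
    for line in config_text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        entry = (m.group(1), m.group(2))
        if entry in seen:
            continue
        seen.add(entry)
        (accepted if len(accepted) < limit else rejected).append(entry)
    per_server = defaultdict(list)  # server IP -> VLANs that reference it
    for vlan, ip in accepted + rejected:
        per_server[ip].append(vlan)
    return {"accepted": accepted, "rejected": rejected,
            "vlans_per_server": dict(per_server), "fits": not rejected}


if __name__ == "__main__":
    report = audit_trusted_servers(SAMPLE)
    print(f"{len(report['accepted'])} of {MAX_ENTRIES} slots used")
    for vlan, ip in report["rejected"]:
        print(f"over limit: vlan {vlan} server {ip} (use a trusted port instead)")
```
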

Martin Flammia

Thanks guys - that cleared it up for me :-)