cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Limit trusted-servers DHCP per VLAN

Limit trusted-servers DHCP per VLAN

Anonymous
Not applicable
Hi,

Was almost reluctant to post this question in fear the answer is likely to be obvious, but I am trying to configure a trusted DHCP server, but I can only see a per VLAN configuration statement (trusted port to one side for now). So my configuration is per below:

configure trusted-servers vlan Stack2_Data add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Mgmt-Stack2 add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Wireless_CorpLaptop add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Security_NW add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Power-Bars add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan AV add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Legacy-Data add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Legacy-Wkstns add server 192.168.200.40 trust-for dhcp-server
When I get to the next line you get the following error:

Slot-1 STK-02.30 # configure trusted-servers vlan Stack2_Voice add server 192.168.200.40 trust-for dhcp-server
ERROR: No more than 8 trusted DHCP servers can be configured across all vlans.
This is because it is seeing each statement as individual DHCP servers even though they all have the same IP?

So my questions is if there is a different way to put the command in to achieve what I need, considering I would like to eventually configure two trusted DHCP servers, and have over 8 VLANs?

Perhaps this should just be done via the trusted port method instead, but I suspect something might be wrong with my syntax.

Running a stack of 4 x X440-G2' with version 22.2.1.5

Many thanks.
4 REPLIES 4

Anonymous
Not applicable
Thanks guys - that cleared it up for me ļ™‚

David_Choi
Extreme Employee
Hi Martin,

Your syntax looks no problem. The error log was occurred as you configured a trusted-dhcp server over more than 8 VLANs.

The reason that you are going to configure the DHCP server over several VLANs is that the trusted DHCP server is connected through a uplink port of this switch via tagged for several VLANs?
If yes, then you may need to use the "Trusted-port" configuration for the uplink port, as you are already considering.

If the trusted-DHCP server is directly connected to this switch, then I think you can just configure the VLAN only where the trusted DHCP server is directly connected as trusted-servers vlan.

Regards,
David

Bin
Extreme Employee
Hello Martin,

Maybe this script could help you.

How to configure DHCP Snooping on EXOS
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-DHCP-Snooping-on-EXOS

Regards,
Bin

Karthik_Mohando
Extreme Employee
Hi Martin,

I believe you can use this command instead.
"configure trusted-ports trust-for dhcp-server"

Usage Guidelines (for the Trusted-servers) from the command reference guide

If you configure trusted DHCP server, the switch forwards only DHCP packets from the trusted servers.

The switch drops DHCP packets from other DHCP snooping-enabled ports.
You can configure a maximum of eight trusted DHCP servers on the switch.

If you configure a port as a trusted port, the switch assumes that all DHCP server packets on that port are valid.

GTM-P2G8KFN