Limit trusted-servers DHCP per VLAN


Userlevel 5
Hi,

Was almost reluctant to post this question in fear the answer is likely to be obvious, but I am trying to configure a trusted DHCP server, but I can only see a per VLAN configuration statement (trusted port to one side for now). So my configuration is per below:

configure trusted-servers vlan Stack2_Data add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Mgmt-Stack2 add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Wireless_CorpLaptop add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Security_NW add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Power-Bars add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan AV add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Legacy-Data add server 192.168.200.40 trust-for dhcp-server
configure trusted-servers vlan Legacy-Wkstns add server 192.168.200.40 trust-for dhcp-server
When I get to the next line you get the following error:

Slot-1 STK-02.30 # configure trusted-servers vlan Stack2_Voice add server 192.168.200.40 trust-for dhcp-server
ERROR: No more than 8 trusted DHCP servers can be configured across all vlans.
This is because it is seeing each statement as individual DHCP servers even though they all have the same IP?

So my question is whether there is a different way to put the command in to achieve what I need, considering I would like to eventually configure two trusted DHCP servers, and have over 8 VLANs?

Perhaps this should just be done via the trusted port method instead, but I suspect something might be wrong with my syntax.

Running a stack of 4 x X440-G2 with version 22.2.1.5

Many thanks.

4 replies

Userlevel 6
Hi Martin,

I believe you can use this command instead.
"configure trusted-ports trust-for dhcp-server"

Usage Guidelines (for the Trusted-servers) from the command reference guide

If you configure trusted DHCP server, the switch forwards only DHCP packets from the trusted servers.

The switch drops DHCP packets from other DHCP snooping-enabled ports.
You can configure a maximum of eight trusted DHCP servers on the switch.

If you configure a port as a trusted port, the switch assumes that all DHCP server packets on that port are valid.
Userlevel 5
Hello Martin,

Maybe this script could help you.

How to configure DHCP Snooping on EXOS
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-DHCP-Snooping-on-EXOS

Regards,
Bin
Userlevel 4
Hi Martin,

Your syntax looks fine. The error occurred because you configured a trusted DHCP server on more than 8 VLANs.

Is the reason you are configuring the DHCP server over several VLANs that the trusted DHCP server is connected through an uplink port of this switch that is tagged for several VLANs?
If yes, then you may need to use the "Trusted-port" configuration for the uplink port, as you are already considering.

If the trusted DHCP server is directly connected to this switch, then I think you can configure trusted-servers only on the VLAN where the trusted DHCP server is directly connected.

Regards,
David
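An added example, not part of any post in this thread and not Extreme Networks code: a small Python check that counts `configure trusted-servers` lines against the 8-entry limit from the error above and falls back to a single trusted-port line when a plan does not fit. It assumes each VLAN/server line uses one slot, as the error in the question suggests; the second server address `192.168.200.41` and the uplink port `1:49` are constructed values.

```python
import re

LIMIT = 8  # from the error: "No more than 8 trusted DHCP servers ... across all vlans"
ENTRY = re.compile(r"configure\s+trusted-servers\s+vlan\s+(\S+)\s+add\s+server\s+"
                   r"(\S+)\s+trust-for\s+dhcp-server\s*$")

def audit(config_text, limit=LIMIT):
    """Split trusted-servers lines into those that fit the limit and those
    the switch would refuse. Assumption: each (VLAN, server) line uses one slot."""
    entries = [m.groups() for m in map(ENTRY.search, config_text.splitlines()) if m]
    return entries[:limit], entries[limit:]

def plan(vlans, servers, uplink_port, limit=LIMIT):
    """Emit per-VLAN trusted-servers lines when they fit, otherwise a single
    trusted-port line for the uplink that faces the DHCP servers."""
    pairs = [(v, s) for v in vlans for s in servers]
    if len(pairs) <= limit:
        return [f"configure trusted-servers vlan {v} add server {s} "
                "trust-for dhcp-server" for v, s in pairs]
    return [f"configure trusted-ports {uplink_port} trust-for dhcp-server"]

# Constructed sample: the nine lines from the question, rebuilt from its VLAN names.
VLANS = ["Stack2_Data", "Mgmt-Stack2", "Wireless_CorpLaptop", "Security_NW",
         "Power-Bars", "AV", "Legacy-Data", "Legacy-Wkstns", "Stack2_Voice"]
SAMPLE = "\n".join(f"configure trusted-servers vlan {v} add server 192.168.200.40 "
                   "trust-for dhcp-server" for v in VLANS)

if __name__ == "__main__":
    ok, refused = audit(SAMPLE)
    print(f"{len(ok)} entries fit, refused: {refused}")
    # Two servers (second address constructed) over nine VLANs need 18 slots.
    for line in plan(VLANS, ["192.168.200.40", "192.168.200.41"], "1:49"):
        print(line)
```

As the usage guidelines quoted earlier say, a trusted port accepts all DHCP server packets arriving on it, so the fallback line belongs only on the port that actually leads to the DHCP servers.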
Userlevel 5
Thanks guys - that cleared it up for me 🙂