
dhcp-snooping trusted servers


David_Rickard
New Contributor
Hi all,

I am just looking at using Extreme as edge switches; we have been using them for core and aggregation for years. We have a large network with two central DHCP servers, to which we then use UDP forwarding from each user VLAN.

As I see it, we need to enable dhcp snooping on all ports of the switch including the uplinks so they see the server packets on the uplinks as well as the client packets on the edge ports. This will discard server packets on all ports by default so we either need to set the uplinks as trusted ports or use the trusted server feature.

The trusted server command is better because it will guard against rogue packets on the uplinks too, but there is a limit of 8, and if we have four user VLANs on a switch, we would need to issue two trusted server commands for each of the central servers on each VLAN (eight commands) PLUS one per VLAN for the local gateway relay address, so we will easily run out of trusted servers.

Is this right? How do people get round this, or do you just use the trusted port commands for large networks?

Also, I have read somewhere you can't put snooping on LAG ports. As all our uplinks are LAGged, does this mean the feature is completely useless to us anyway?

dflouret
Extreme Employee
David,

Have you checked the bootprelay command?

You can enable it globally for a virtual router and all its VLANs:

enable bootprelay vr vr-default

or only for specific VLANs:

enable bootprelay vlan test

You can also add one or more DHCP servers globally to the virtual router for all VLANs to use:

configure bootprelay add 10.1.0.1

or configure specific DHCP servers for individual VLANs:

configure bootprelay vlan test add 10.2.0.2
