dhcp-snooping trusted servers

David_Rickard
New Contributor
Hi all,

I am just looking at using Extreme as edge switches, having used them for core and aggregation for years. We have a large network with two central DHCP servers which we then use UDP forwarding from each user VLAN.

As I see it, we need to enable dhcp snooping on all ports of the switch including the uplinks so they see the server packets on the uplinks as well as the client packets on the edge ports. This will discard server packets on all ports by default so we either need to set the uplinks as trusted ports or use the trusted server feature.

The trusted server command is better because it will guard against rogue packets on the uplinks too, but there is a limit of 8 and if we have four user VLANs on a switch, we would need to issue two trusted server commands for each of the central servers on each VLAN (eight commands) PLUS one per VLAN for the local gateway relay address, so we will easily run out of trusted servers.

Is this right? How do people get round this, or do you just use the trusted port commands for large networks?

Also, I have read somewhere you can't put snooping on LAG ports. As all our uplinks are LAGged, does this mean the feature is completely useless to us anyway?

David_Rickard
New Contributor
We have a large network with two central DHCP servers which we then use UDP forwarding from each user VLAN. The problem is that we have seen that once DHCP clients have had a response to the initial broadcast, they seem to unicast directly to the server IP, so our current snooping settings (on HP switches) have to recognise the local relay agent and the central servers. That's fine, but when the settings are tied to a VLAN, that means three trusted servers have to be enabled per VLAN and with a limit of 8 across the whole switch, that means we can't have more than two VLANs with DHCP.

Balaji
Extreme Employee
David,

How many DHCP servers do you have?

David_Rickard
New Contributor
No problem Daniel, if you have any advice regarding the snooping I'd be really grateful, this seems very confusing.

dflouret
Extreme Employee
I'm sorry, I misread your question.

David_Rickard
New Contributor
Why? We have udp forwarding working well, has been for years on many switches. My question is about dhcp-snooping,