Showing results for 
Search instead for 
Did you mean: 

EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

New Contributor

Hardware is X450G2, Firmware
I´d like to configure "ip-security dhcp-snooping" on Layer2 Access Switch for a few VLANs. How to configure Uplink Ports to Layer3 Core Switch where VLAN IP Interface resides ?

For example, if 1:28 ist the interswitch link between Access and Core (Uplink), do I only have to configure
"configure trusted-ports 1:28 trust-for dhcp-server"
and that´s it for all VLANs ?
Or is it necessary to configure additionally
"enable ip-security dhcp-snooping vlan VLAN10 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN11 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN15 port 1:28 violation-action none"
for every vlan where DHCP Snooping is enabled ?

I´m asking due to
NOTE: Please ensure that ip-security dhcp-snooping is enabled on the port where the DHCP traffic is expected to ingress / egress the switch and ensure that the violation-action is set to none



The following is my understanding of what is needed. I am looking for confirmation of that though.

#Enable dhcp-snooping and configure the desired action for each VLAN

enable ip-security dhcp-snooping vlan black ports all violation-action drop-packet block-mac permanently

#Configure upstream ports as trusted for dhcp

configure trusted-ports 1:49,2:49 trust-for dhcp-server