cancel
Showing results for 
Search instead for 
Did you mean: 

EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

Marcus_Mathuni
New Contributor

Hi,
Hardware is X450G2, Firmware 22.4.1.4.
I´d like to configure "ip-security dhcp-snooping" on Layer2 Access Switch for a few VLANs. How to configure Uplink Ports to Layer3 Core Switch where VLAN IP Interface resides ?

For example, if 1:28 ist the interswitch link between Access and Core (Uplink), do I only have to configure
"configure trusted-ports 1:28 trust-for dhcp-server"
and that´s it for all VLANs ?
Or is it necessary to configure additionally
"enable ip-security dhcp-snooping vlan VLAN10 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN11 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN15 port 1:28 violation-action none"
for every vlan where DHCP Snooping is enabled ?

I´m asking due to https://extremeportal.force.com/ExtrArticleDetail?an=000080865
NOTE: Please ensure that ip-security dhcp-snooping is enabled on the port where the DHCP traffic is expected to ingress / egress the switch and ensure that the violation-action is set to none

Thanks,
Marcus

1 REPLY 1

davidj_cogliane
Contributor
The following is my understanding of what is needed. I am looking for confirmation of that though.

#Enable dhcp-snooping and configure the desired action for each VLAN

enable ip-security dhcp-snooping vlan black ports all violation-action drop-packet block-mac permanently

#Configure upstream ports as trusted for dhcp

configure trusted-ports 1:49,2:49 trust-for dhcp-server