This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

Marcus_Mathuni
New Contributor

‎05-08-2018 07:01 AM

Hi,
Hardware is X450G2, Firmware 22.4.1.4.
I´d like to configure "ip-security dhcp-snooping" on Layer2 Access Switch for a few VLANs. How to configure Uplink Ports to Layer3 Core Switch where VLAN IP Interface resides ?

For example, if 1:28 ist the interswitch link between Access and Core (Uplink), do I only have to configure
"configure trusted-ports 1:28 trust-for dhcp-server"
and that´s it for all VLANs ?
Or is it necessary to configure additionally
"enable ip-security dhcp-snooping vlan VLAN10 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN11 port 1:28 violation-action none"
"enable ip-security dhcp-snooping vlan VLAN15 port 1:28 violation-action none"
for every vlan where DHCP Snooping is enabled ?

I´m asking due to https://extremeportal.force.com/ExtrArticleDetail?an=000080865
NOTE: Please ensure that ip-security dhcp-snooping is enabled on the port where the DHCP traffic is expected to ingress / egress the switch and ensure that the violation-action is set to none

Thanks,
Marcus

0 Kudos
1 REPLY 1

davidj_cogliane
Contributor

‎10-01-2018 02:59 PM

The following is my understanding of what is needed. I am looking for confirmation of that though.

#Enable dhcp-snooping and configure the desired action for each VLAN

enable ip-security dhcp-snooping vlan black ports all violation-action drop-packet block-mac permanently

#Configure upstream ports as trusted for dhcp

configure trusted-ports 1:49,2:49 trust-for dhcp-server

0 Kudos
GTM-P2G8KFN