Installation manual
4-165
SIGNAMAX LLC • www.signamax.eu
Command Usage
• When DHCP snooping enabled globally using the ip dhcp snooping command
(page 4-163), and enabled on a VLAN with this command, DHCP packet filtering
will be performed on any untrusted ports within the VLAN as specified by the ip
dhcp snooping trust command (page 4-165).
• When the DHCP snooping is globally disabled, DHCP snooping can still be
configured for specific VLANs, but the changes will not take effect until DHCP
snooping is globally re-enabled.
• When DHCP snooping is globally enabled, configuration changes for specific
VLANs have the following effects:
- If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this
VLAN are removed from the binding table.
Example
This example enables DHCP snooping for VLAN 1.
Related Commands
ip dhcp snooping (4-163)
ip dhcp snooping trust (4-165)
ip dhcp snooping trust
This command configures the specified interface as trusted. Use the no form to restore
the default setting.
Syntax
[no] ip dhcp snooping trust
Default Setting
All interfaces are untrusted
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• A trusted interface is an interface that is configured to receive only messages from
within the network. An untrusted interface is an interface that is configured to
receive messages from outside the network or firewall.
• Set all ports connected to DHCP servers within the local network or firewall to
trusted, and all other ports outside the local network or firewall to untrusted.
• When DHCP snooping ia enabled globally using the ip dhcp snooping command
(page 4-163), and enabled on a VLAN with ip dhcp snooping vlan command
(page 4-164), DHCP packet filtering will be performed on any untrusted ports within
the VLAN according to the default status, or as specifically configured for an
interface with the no ip dhcp snooping trust command.
Console(config)#ip dhcp snooping vlan 1
Console(config)#