Configuring Trusted and Un-trusted Ports
Usually the port connected to server is configured as trusted port and the ports connected to client is configured as un-trusted port.
In this example, xe2 is connected to the DHCP client and xe1 is connected to the DHCP server.
- Configure xe2 connected to DHCP client as un-trusted port.
- Configure xe1 connected to the DHCP server as trusted port.
|
#configure terminal |
Enter Configure mode. |
|
(config)#interface xe1 |
Specify the interface to be configured |
|
(config-if)#ip dhcp snooping trust |
Enable the port as trusted. |
|
(config)#commit |
Commit Candidate config to running-config |
|
(config)#interface xe2 |
Specify the interface to be configured |
|
(config-if)#no ip dhcp snooping trust |
Disable the port as trusted. |
|
(config-if)#exit |
Exit interface mode |
|
(config)#commit |
Commit Candidate config to running-config |
Validation
Verify that static DHCP snooping entries are configured for the bridge:
Copy
#sh ip dhcp snooping binding bridge 1
Total number of static IPV4 entries : 1
Total number of dynamic IPV4 entries : 0
Total number of static IPV6 entries : 1
Total number of dynamic IPV6 entries : 0
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- ---------------
0011.1111.2222 1.1.1.1 0 static 2 xe2
0022.2222.3333 3ffe::1 0 static 2 xe2