including IP addresses, MAC addresses, and CVLANs, before sending the packets to clients. For
more information, see Layer 2—LAN Switching Configuration Guide.
Application environment of trusted ports
Configuring a trusted port connected to a DHCP server
As shown in
should be configured as a trusted port. The trusted port forwards reply messages from the authorized
DHCP server to the client, but the untrusted port does not forward reply messages from the unauthorized
DHCP server. This ensures that the DHCP client obtains an IP address from the authorized DHCP server.
Figure 36 Configuring trusted and untrusted ports
Trusted
Untrusted
DHCP client
DHCP reply messages
Configuring trusted ports in a cascaded network
In a cascaded network involving multiple DHCP snooping devices, the ports connected to other DHCP
snooping devices should be configured as trusted ports.
To save system resources, you can disable the trusted ports, which are indirectly connected to DHCP
clients, from recording client IP-to-MAC bindings upon receiving DHCP requests.
Figure
36, the DHCP snooping device port that is connected to an authorized DHCP server
DHCP server
DHCP snooping
Untrusted
Unauthorized
DHCP server
75