Configure Trusted and Untrusted Ports

Use the following procedure to set the trust factor associated with a port for DHCP Snooping. By default, the trust factor is set to untrusted.

Note

Note

For ports that are members of an MLT, DHCP Snooping must be configured using the MLT configuration mode.

Before you begin

You must enable DHCP Snooping globally.

Procedure

  1. Enter Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]} or interface mlt <1-512>

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure the trust factor for the port:

    ip dhcp—snooping <trusted|untrusted>

    Note

    Note

    Configure ip dhcp-snooping trusted on a DHCP server switch port only.

Example

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface gigabitEthernet 1/2
Switch:1(config-if)#ip dhcp-snooping trusted

Variable Definitions

The following table defines parameters for the ip dhcp-snooping command.

Variable

Value

<trusted|untrusted>

Specifies the trust factor of the port for DHCP Snooping.
Note:

Configure ip dhcp-snooping trusted on a DHCP server switch port only.