configure trusted-ports trust-for dhcp-server

configure trusted-ports [ports|all] trust-for dhcp-server

Description

Configures one or more trusted DHCP (Dynamic Host Configuration Protocol) ports.

Syntax Description

ports Specifies one or more ports to be configured as trusted ports.
all Specifies all ports to be configured as trusted ports.

Default

N/A.

Usage Guidelines

To configure trusted DHCP ports, you must first enable DHCP snooping on the switch. To enable DHCP snooping, use the following command:

enable ip-security dhcp-snooping {vlan} vlan_name ports [all |ports] violation-action [drop-packet {[block-mac | block-port] [durationduration_in_seconds | permanently] | none]}] {snmp-trap}

Trusted ports do not block traffic; rather, the switch forwards any DHCP server packets that appear on trusted ports. Depending on your DHCP snooping configuration, the switch drops packets and can disable the port temporarily, disable the port permanently, blackhole the MAC address temporarily, blackhole the MAC address permanently, and so on.

If you configure one or more trusted ports, the switch assumes that all DHCP server packets on the trusted port are valid.

Displaying DHCP Trusted Server Information

To display the DHCP snooping configuration settings, including DHCP trusted ports if configured, use the following command: show ip-security dhcp-snooping {vlan} vlan_name

To display any violations that occur, including those on DHCP trusted ports if configured, use the following command: show ip-security dhcp-snooping violations {vlan} vlan_name

Example

The following command configures ports 2:2 and 2:3 as trusted ports:
configure trusted-ports 2:2-2:3 trust-for dhcp-server

History

This command was first available in ExtremeXOS 11.6.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.