Configures one or more trusted DHCP ports.
ports | Specifies one or more ports to be configured as trusted ports. |
all | Specifies all ports to be configured as trusted ports. |
N/A.
To configure trusted DHCP ports, you must first enable DHCP snooping on the switch. To enable DHCP snooping, use the following command:
enable ip-security dhcp-snooping {vlan} vlan_name ports [all |ports] violation-action [drop-packet {[block-mac | block-port] [durationduration_in_seconds | permanently] | none]}] {snmp-trap}Trusted ports do not block traffic; rather, the switch forwards any DHCP server packets that appear on trusted ports. Depending on your DHCP snooping configuration, the switch drops packets and can disable the port temporarily, disable the port permanently, blackhole the MAC address temporarily, blackhole the MAC address permanently, and so on.
If you configure one or more trusted ports, the switch assumes that all DHCP server packets on the trusted port are valid.
To display the DHCP snooping configuration settings, including DHCP trusted ports if configured, use the following command: show ip-security dhcp-snooping {vlan} vlan_name
To display any violations that occur, including those on DHCP trusted ports if configured, use the following command: show ip-security dhcp-snooping violations {vlan} vlan_name
configure trusted-ports 2:2-2:3 trust-for dhcp-server
This command was first available in ExtremeXOS 11.6.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.