Configuration Guide (Supporting R2.2.0.0) Owner's manual
218 Brocade 6910 Ethernet Access Switch Configuration Guide
53-1002651-02
10
DHCP Snooping
Example
This example sets the DHCP Snooping Information circuit-id suboption string.
Console(config)#interface ethernet 1/1
Console(config-if)#ip dhcp snooping information option circuit-id string 6910
Console(config-if)#
ip dhcp snooping trust
This command configures the specified interface as trusted. Use the no form to restore the default
setting.
Syntax
[no] ip dhcp snooping trust
Default Setting
All interfaces are untrusted
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• A trusted interface is an interface that is configured to receive only messages from within the
network. An untrusted interface is an interface that is configured to receive messages from
outside the network or fire wall.
• Set all ports connected to DHCP servers within the local network or fire wall to trusted, and all
other ports outside the local network or fire wall to untrusted.
• When DHCP snooping is enabled globally using the ip dhcp snooping command, and enabled
on a VLAN with ip dhcp snooping vlan command, DHCP packet filtering will be performed on
any untrusted ports within the VLAN according to the default status, or as specifically
configured for an interface with the no ip dhcp snooping trust command.
• When an untrusted port is changed to a trusted port, all the dynamic DHCP snooping bindings
associated with this port are removed.
• Additional considerations when the switch itself is a DHCP client – The port(s) through which it
submits a client request to the DHCP server must be configured as trusted.
Example
This example sets port 5 to untrusted.
Console(config)#interface ethernet 1/5
Console(config-if)#no ip dhcp snooping trust
Console(config-if)#
Related Commands
“ip dhcp snooping” on page 212
“ip dhcp snooping vlan” on page 216