Application environment of trusted ports, Configuring trusted ports in a cascaded network – H3C Technologies H3C S12500 Series Switches User Manual

Page 89

Application environment of trusted ports

Configuring a trusted port connected to a DHCP server

Figure 35 Trusted port configuration

As shown in

Figure 35

, the trusted port forwards reply messages from the DHCP server to the client, but

the untrusted port connected to the unauthorized DHCP server cannot forward any reply messages. This

makes sure the DHCP client can obtain an IP address from the authorized DHCP server.

Configuring trusted ports in a cascaded network

In a cascaded network involving multiple DHCP snooping devices, the ports connected to other DHCP
snooping devices should be configured as trusted ports.
To save system resources, you can disable the trusted ports, which are not directly connected to DHCP

clients, from recording clients' IP-to-MAC bindings upon receiving DHCP requests.

Figure 36 Configuring trusted ports in a cascaded network

Trusted port disabled from recording binding entries

DHCP snooping

Switch A

DHCP snooping

Switch C

DHCP client

Host D

DHCP client

Host C

DHCP client

Host B

DHCP server

Device

DHCP snooping

Switch B

GE3/0/4

GE3/0/2

GE3/0/3

GE3/0/1

GE3/0/2

GE3/0/3

GE3/0/4

GE3/0/2

GE3/0/1

GE3/0/3

GE3/0/1

DHCP client

Host A

GE3/0/1

Untrusted port

Trusted port enabled to record binding entries

This manual is related to the following products:

H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000