Ip dhcp snooping trust, Ip dhcp snooping verify mac-address, No ip dhcp snooping trust – SMC Networks SMC Tiger 10/100 SMC6128PL2 User Manual

DHCP Snooping Commands

4-325

4

ip dhcp snooping trust

This command configures the specified interface as trusted. Use the no form to
restore the default setting.

Syntax

[no] ip dhcp snooping trust

Default Setting

All interfaces are untrusted

Command Mode

Interface Configuration (Ethernet, Port Channel)

Command Usage

• An untrusted interface is an interface that is configured to receive messages

from outside the network or firewall. A trusted interface is an interface that is
configured to receive only messages from within the network.

• When DHCP snooping enabled globally using the ip dhcp snooping

command (page 4-322), and enabled on a VLAN with this command, DHCP
packet filtering will be performed on any untrusted ports within the VLAN
according to the default status, or as specifically configured for an interface
with the no ip dhcp snooping trust command.

• When an untrusted port is changed to a trusted port, all the dynamic DHCP

snooping bindings associated with this port are removed.

• Additional considerations when the switch itself is a DHCP client – The port(s)

through which it submits a client request to the DHCP server must be
configured as trusted.

Example
This example sets port 5 to untrusted.

Related Commands

ip dhcp snooping (4-322)
ip dhcp snooping vlan (4-324)

ip dhcp snooping verify mac-address

This command verifies the client’s hardware address stored in the DHCP packet
against the source MAC address in the Ethernet header. Use the no form to disable
this function.

Syntax

[no] ip dhcp snooping verify mac-address

Default Setting

Enabled

Console(config)#interface ethernet 1/5
Console(config-if)#no ip dhcp snooping trust
Console(config-if)#