Application environment of trusted ports, Configuring trusted ports in a cascaded network – H3C Technologies H3C WX6000 Series Access Controllers User Manual
- Trusted: A trusted port forwards DHCP messages, ensuring that DHCP clients can obtain valid IP addresses.
- Untrusted: The DHCP-ACK or DHCP-OFFER packets received from an untrusted port are discarded, preventing DHCP clients from receiving invalid IP addresses.
Application Environment of Trusted Ports
Configuring a trusted port connected with a DHCP server
A port that is connected to a DHCP server, directly or indirectly, should be configured as a trusted port
so that the DHCP snooping device forwards reply messages from the DHCP server and DHCP clients
obtain IP addresses from the authorized DHCP server.
As shown in Figure 38-1, GigabitEthernet 0/0/1 on AC is connected to a DHCP server.
GigabitEthernet 0/0/1 should be configured as a trusted port so that it can forward replies from the
DHCP server.
Figure 38-1 Configure a trusted port connected with the DHCP server
Configuring trusted ports in a cascaded network
In a cascaded network involving multiple DHCP snooping devices, the ports connected to other DHCP
snooping devices should be configured as trusted ports.
To save system resources, you can disable the recording of clients’ IP-to-MAC bindings on trusted ports
that are only indirectly connected to DHCP clients.
As shown in
, AC A, AC B, and AC C are DHCP snooping devices. GigabitEthernet 0/0/2
and GigabitEthernet 0/0/3 on AC A, GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 on AC B, and
GigabitEthernet 0/0/2, GigabitEthernet 0/0/3, and GigabitEthernet 0/0/4 on AC C are configured as
trusted ports. On the trusted ports that are not directly connected to DHCP clients (GigabitEthernet 0/0/3
on AC A, GigabitEthernet 0/0/1 on AC B, and GigabitEthernet 0/0/3 and GigabitEthernet 0/0/4 on AC C),
disable the recording of clients’ IP-to-MAC bindings.
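
The following is an added example, not taken from the H3C manual: a simplified Python model of the trusted/untrusted decision and of binding recording on AC A in the cascaded case. The port roles beyond what the page states, the client MAC and IP values, and the rule that a binding is completed when a DHCP-ACK arrives on a trusted port are assumptions.

```python
from dataclasses import dataclass, field

SERVER_REPLIES = {"DHCP-OFFER", "DHCP-ACK"}  # reply types discarded on untrusted ports

@dataclass
class SnoopingDevice:
    name: str
    trusted: set                                   # ports configured as trusted
    no_binding: set = field(default_factory=set)   # trusted ports with recording disabled
    pending: dict = field(default_factory=dict)    # client MAC -> port its request arrived on
    bindings: dict = field(default_factory=dict)   # client MAC -> (IP, port)

    def receive(self, port, msg_type, client_mac, ip=None):
        """Return 'forward' or 'discard' for a DHCP message arriving on port."""
        if msg_type in SERVER_REPLIES:
            if port not in self.trusted:
                return "discard"                   # reply did not come via a trusted port
            if msg_type == "DHCP-ACK" and client_mac in self.pending:
                # Assumed model: the ACK completes the binding for a recorded request.
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return "forward"
        if msg_type == "DHCP-REQUEST" and port not in self.no_binding:
            self.pending[client_mac] = port        # candidate IP-to-MAC binding
        return "forward"

def run_scenario():
    """AC A from the cascaded example; roles not stated on the page are assumptions."""
    ac_a = SnoopingDevice(
        name="AC A",
        trusted={"GigabitEthernet 0/0/2", "GigabitEthernet 0/0/3"},
        no_binding={"GigabitEthernet 0/0/3"},
    )
    access = "GigabitEthernet 0/0/1"    # constructed: untrusted port with a local client
    uplink = "GigabitEthernet 0/0/2"    # assumed to lead toward the authorized server
    cascade = "GigabitEthernet 0/0/3"   # trusted, clients only indirectly behind it
    local, remote = "00aa-0000-0001", "00aa-0000-0002"   # constructed client MACs
    results = [
        ac_a.receive(access, "DHCP-REQUEST", local),
        ac_a.receive(cascade, "DHCP-REQUEST", remote),           # forwarded, not recorded
        ac_a.receive(access, "DHCP-OFFER", local, "10.0.0.66"),  # reply on untrusted port
        ac_a.receive(uplink, "DHCP-ACK", local, "192.168.1.10"),
        ac_a.receive(uplink, "DHCP-ACK", remote, "192.168.1.11"),
    ]
    return results, ac_a.bindings

if __name__ == "__main__":
    for item in run_scenario():
        print(item)
```

Only the locally attached client ends up in AC A's binding table; the client reached through the cascade port is left for the snooping device it attaches to directly.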