jskfan
asked on
dhcp snooping
If I understand DHCP Snooping is configured at the global level on the switch then we can select the port where the trusted DHCP server is plugged into, and configure that port as DHCP snooping trust.
In most environment when the first time they set up an access switch they don't configure it for DHCP snooping.
the very rare scenarios they set up DHCP snooping only on the access switch where the trusted DHCP is plugged to.
So what about other access switches? do they need to be configured for DHCP snooping too? if so, why it is not enabled by default by cisco at the first place?
Thanks
In most environment when the first time they set up an access switch they don't configure it for DHCP snooping.
the very rare scenarios they set up DHCP snooping only on the access switch where the trusted DHCP is plugged to.
So what about other access switches? do they need to be configured for DHCP snooping too? if so, why it is not enabled by default by cisco at the first place?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
any updates??
ASKER
thanks
ASKER
Cisco has many security features that are not enabled by default but critical:
DHCP Snooping
ARP Inspection
Port Security Violation.
why are not enabled by default ?