dhcp snooping

Posted on 2011-03-09
Last Modified: 2012-05-11
If I understand DHCP Snooping is configured  at the global level on the switch then we can select the port where the trusted DHCP server is plugged into, and configure that port as DHCP snooping trust.
In most environment when the first time they set up an access switch they don't configure it for DHCP snooping.
the very rare scenarios they set up DHCP snooping only on the access switch where the trusted DHCP  is plugged to.
So what about other access switches? do they need to be configured for DHCP snooping too? if so, why it is not enabled by default by cisco at the first place?


Question by:jskfan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3

Accepted Solution

amulheirn earned 500 total points
ID: 35087731
Hi -

Yes - DHCP snooping needs to be configured on access switches too.  The ports that you put as trust would be the uplink ports to the core switch.

I guess it is not configured by default because Cisco don't know which ports you are going to use for your uplinks.



Author Comment

ID: 35092228
I thought the DHCP snooping is configure on access ports that s where usually windows servers(DHCP) are connected to.

Cisco has many security features that are not enabled by default but critical:
DHCP Snooping
ARP Inspection
Port Security Violation.

why are not enabled by default ?

Author Comment

ID: 35186608
any updates??

Author Closing Comment

ID: 35213032

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
replacing 2811 to ISR 4331 2 80
Stack 2x HP ProCurve 5406zl Switches 9 51
hsrp tracking 2 63
DVR Camera Security System Port Forwading 7 73
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question