dhcp snooping

If I understand DHCP Snooping is configured  at the global level on the switch then we can select the port where the trusted DHCP server is plugged into, and configure that port as DHCP snooping trust.
In most environment when the first time they set up an access switch they don't configure it for DHCP snooping.
the very rare scenarios they set up DHCP snooping only on the access switch where the trusted DHCP  is plugged to.
So what about other access switches? do they need to be configured for DHCP snooping too? if so, why it is not enabled by default by cisco at the first place?


Who is Participating?
amulheirnConnect With a Mentor Commented:
Hi -

Yes - DHCP snooping needs to be configured on access switches too.  The ports that you put as trust would be the uplink ports to the core switch.

I guess it is not configured by default because Cisco don't know which ports you are going to use for your uplinks.


jskfanAuthor Commented:
I thought the DHCP snooping is configure on access ports that s where usually windows servers(DHCP) are connected to.

Cisco has many security features that are not enabled by default but critical:
DHCP Snooping
ARP Inspection
Port Security Violation.

why are not enabled by default ?
jskfanAuthor Commented:
any updates??
jskfanAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.