Link to home
Start Free TrialLog in
Avatar of jskfan
jskfanFlag for Cyprus

asked on

dhcp snooping

If I understand DHCP Snooping is configured  at the global level on the switch then we can select the port where the trusted DHCP server is plugged into, and configure that port as DHCP snooping trust.
In most environment when the first time they set up an access switch they don't configure it for DHCP snooping.
the very rare scenarios they set up DHCP snooping only on the access switch where the trusted DHCP  is plugged to.
So what about other access switches? do they need to be configured for DHCP snooping too? if so, why it is not enabled by default by cisco at the first place?


Avatar of amulheirn
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan


I thought the DHCP snooping is configure on access ports that s where usually windows servers(DHCP) are connected to.

Cisco has many security features that are not enabled by default but critical:
DHCP Snooping
ARP Inspection
Port Security Violation.

why are not enabled by default ?
Avatar of jskfan


any updates??
Avatar of jskfan