set protocols dhcp snooping trust-port
- Tracy Yang
The set protocols dhcp snooping trust-port command configures an interface as a trust interface for DHCP snooping.
Command Syntax
set protocols dhcp snooping trust-port <interface-name>
Parameters
Parameter | Description |
trust-port <interface-name> | Specifies an interface name. The interface can be either a physical interface or an aggregated interface. By default, all interfaces are untrusted interfaces. |
Usage Guidelines
In order to make the DHCP client obtain an IP address from a legitimate DHCP server, the device interface directly or indirectly connected to the DHCP server trusted by the administrator must be set to the trust interface, so as to prevent a spoofing DHCP server from assigning an IP address to the DHCP client.
The trusted interface forwards DHCP packets received from the DHCP server normally, whereas the untrusted interface discards DHCP ACK and DHCP OFFER packets received from the DHCP server.
Example
- Configure ge-1/1/1 as trust port for DHCP snooping.
admin@Xorplus# set protocols dhcp snooping trust-port ge-/1/1/1
Copyright © 2024 Pica8 Inc. All Rights Reserved.