Configure DHCP Trusted Interface Settings on a Switch through the CLI

Objective

This article aims to show you how to configure DHCP Trusted Interface Settings on your switch through the Command Line Interface (CLI).

Introduction

Dynamic Host Configuration Protocol (DHCP) snooping provides a security mechanism to prevent receiving false DHCP response packets and to log DHCP addresses. It does this by treating ports on the device as either trusted or untrusted.

A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the device. Packets from these ports are automatically forwarded. If DHCP Snooping is not enabled, all ports are trusted by default.

An untrusted port is a port that is not allowed to assign DHCP addresses. By default, all ports are considered untrusted until you declare them trusted.

To learn how to configure DHCP Trusted Interface Settings through the switch web-based utility, click here.

Applicable Devices

• Sx300 Series
• SG350X Series
• Sx500 Series
• SG500X

Software Version

• 1.4.8.06 - Sx300, Sx500, SG500X
• 2.3.0.130 - SG350X

Configure DHCP Trusted Interface Settings

This article assumes that DHCP snooping is already enabled on the switch.

Step 1. Connect your computer to the switch using a console cable and launch a terminal emulator application to access the switch CLI.

Note: In this example, PuTTY is used as the terminal emulator application.

Step 2. In the PuTTY Configuration window, click Serial as the Connection type and enter the default speed for the serial line which is 115200. Then, click Open.

Step 3. In the CLI, enter the global configuration command mode by entering the following:

SG350X#configure terminal

Note: In this example, the switch used is SG350X-48MP.

Step 4. Once you are on the global configuration mode, enter the specific port or interface that you want to tag as trusted by entering the following:

SG350X(config)#interface ge 1/0/1

Note: In this example, interface ge1/0/1 is used. This stands for Gigabit Ethernet port number/stack number (if your switch belongs to a stack) /switch number.

Step 5. Enter the trust command by entering the following:

SG350X(config-if)#ip dhcp snooping trust

Note: The prompt has now changed from (config) to (config-if) indicating that the configuration is for the specific port mentioned in the previous command.

Step 6. Exit the specific interface and the global configuration command mode to go back to the privileged EXEC mode by entering the following:

SG350X(config-if)#exit SG350X(config)#exit

Step 7. (Optional) To permanently save the settings, enter the following:

SG350X#copy running-config startup-config

Step 8. Enter Y in the Overwrite file prompt to indicate Yes and to save the settings to the startup configuration file.

Overwrite file [startup-config]....(Y/N) [N]?Y

Step 9. (Optional)Verify if the newly-configured settings on the chosen port are now applied by entering the following:

SG350X#show running-config dhcp

The newly-configured settings should now appear:

You now have successfully configured the Trusted Interface Settings on your switch through the CLI.

Revision History

Revision	Publish Date	Comments
1.0	13-Dec-2018	Initial Release