Configure DHCP Trusted Interface Settings on a Switch through the CLI
PDF(86.5 KB) View with Adobe Reader on a variety of devices
ePub(152.9 KB) View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle)(193.2 KB) View on Kindle device or Kindle app on multiple devices
Updated:December 13, 2018
This article aims to show you how to configure DHCP Trusted Interface Settings on your switch through the Command Line Interface (CLI).
Dynamic Host Configuration Protocol (DHCP) snooping provides a security mechanism to prevent receiving false DHCP response packets and to log DHCP addresses. It does this by treating ports on the device as either trusted or untrusted.
A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the device. Packets from these ports are automatically forwarded. If DHCP Snooping is not enabled, all ports are trusted by default.
An untrusted port is a port that is not allowed to assign DHCP addresses. By default, all ports are considered untrusted until you declare them trusted.
To learn how to configure DHCP Trusted Interface Settings through the switch web-based utility, click here.
1.4.8.06 - Sx300, Sx500, SG500X
18.104.22.168 - SG350X
Configure DHCP Trusted Interface Settings
This article assumes that DHCP snooping is already enabled on the switch.
Step 1. Connect your computer to the switch using a console cable and launch a terminal emulator application to access the switch CLI.
Note: In this example, PuTTY is used as the terminal emulator application.
Step 2. In the PuTTY Configuration window, click Serial as the Connection type and enter the default speed for the serial line which is 115200. Then, click Open.
Step 3. In the CLI, enter the global configuration command mode by entering the following:
Note: In this example, the switch used is SG350X-48MP.
Step 4. Once you are on the global configuration mode, enter the specific port or interface that you want to tag as trusted by entering the following:
SG350X(config)#interface ge 1/0/1
Note: In this example, interface ge1/0/1 is used. This stands for Gigabit Ethernet port number/stack number (if your switch belongs to a stack) /switch number.
Step 5. Enter the trust command by entering the following:
SG350X(config-if)#ip dhcp snooping trust
Note: The prompt has now changed from (config) to (config-if) indicating that the configuration is for the specific port mentioned in the previous command.
Step 6. Exit the specific interface and the global configuration command mode to go back to the privileged EXEC mode by entering the following:
Step 7. (Optional) To permanently save the settings, enter the following:
SG350X#copy running-config startup-config
Step 8. Enter Y in the Overwrite file prompt to indicate Yes and to save the settings to the startup configuration file.
Overwrite file [startup-config]....(Y/N) [N]?Y
Step 9. (Optional)Verify if the newly-configured settings on the chosen port are now applied by entering the following:
SG350X#show running-config dhcp
The newly-configured settings should now appear:
You now have successfully configured the Trusted Interface Settings on your switch through the CLI.