Monday, September 13, 2021

DHCP Snooping and DAI

Hello all!

Big networking noob here.

I would like to set up DHCP snooping and DAI on some switches; however, I have many doubts about which ports to trust.

Right now DHCP snooping trusted ports are only the ones serving as uplinks between the switches and also the ones to which the DHCP server is connected. But, as far as I understand, DAI trust should be given only to the switches' uplink ports (provided both sides are set with DAI)... what about the port leading to the DHCP server?

Should the DAI trust be assigned to that one as well?

For maximum security should I set up an ACL with a static IP and MAC of my DHCP server and scan the port against it?

Thanks!


