The set protocols dhcp snooping trust-port command configures an interface as a trust interface for DHCP snooping.
set protocols dhcp snooping trust-port <interface-name>
Specifies an interface name. The interface can be either a physical interface or an aggregated interface. By default, all interfaces are untrusted interfaces.
In order to make the DHCP client obtain an IP address from a legitimate DHCP server, the device interface directly or indirectly connected to the DHCP server trusted by the administrator must be set to the trust interface, so as to prevent a spoofing DHCP server from assigning an IP address to the DHCP client.
The trusted interface forwards DHCP packets received from the DHCP server normally, whereas the untrusted interface discards DHCP ACK and DHCP OFFER packets received from the DHCP server.
- Configure ge-1/1/1 as trust port for DHCP snooping.