Mahmoud,
With respect to DHCP Snooping, you need to trust all interfaces that face
the DHCP Server, and NOT trust all interfaces facing clients (the default).
As for IPSG, there is no much value in configuring it on the trunk links, as
these links would be facing the "inside" of your network. You should turn on
IPSG on in edge interfaces as well.
Apart from these, your config looks alright to me.
Sadiq
On Sun, Mar 21, 2010 at 9:56 PM, Mahmoud Eldeeb <eng.futurama_at_gmail.com>wrote:
> Dear All,
>
> I,m trying to configure dhcp snooping & IP source guard for my network
> which
> is 5 access switches, BBsw1, MS DHCP server,
> also I applied vlan per switch vlan range is 10 , 20 , 30 , 40 , 50 and
> vlan
> 60 for switches management . dhcp server IP 10.1.1.1/24
> I configured all switches as follows
> Switch(config)# ip dhcp snooping
> Switch(config)# ip dhcp snooping vlan 10 20
> Switch(config)# interface range fa0/24
> Switch(config-if)# switchport trunk encapsulation dot1q
> Switch(config-if)# switchport mode trunk
> Switch(config-if)# switchport trunk native vlan (10(20)(30).....
> Switch(config-if)# switchport trunk allowed vlan 60
> Switch(config-if)# no ip dhcp snooping trust
> Switch(config-if)# ip verify source vlan dhcp-snooping
>
> what should be the best configuration for my scenario
>
> --
> Best Regards,
> Mahmoud Eldeeb
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- CCIE #19963 Blogs and organic groups at http://www.ccie.netReceived on Sun Mar 21 2010 - 22:10:50 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART