dhcp-snooping and arp-protection trusted ports versus LACP

Graham Allan
Advisor

I've been trying out dhcp-snooping on one or two of our switches, and am hoping there is a way around a configuration issue.

I configure our switches so that a set of uplink ports are enabled for LACP, and also trusted for dhcp-snooping. The idea being to have a standard configuration, where we have the option to connect multiple ports to make a trunk.

Of course the problem is, when one makes the uplink into a LACP trunk, the original ports "disappear" as trusted ports, and are replaced by a "Dyn1" port which is untrusted.

Is there any way around this other than to go back and set the Dyn1 port as trusted retrospectively? Is it possible to automatically trust any and all LACP (dynamically created) trunks? Maybe a stupid configuration in some respects, but our regular edge ports use mac-based/radius port-access control, so lacp is not possible or an issue for them.

I guess the only obvious option I can think of is to define static LACP trunks on the specific ports...
2 REPLIES
Graham Allan
Advisor

Re: dhcp-snooping and arp-protection trusted ports versus LACP

Having written the question, I have to feel it doesn't make much sense - the right answer is surely just to make static lacp trunks... not hard.
BL460C
Advisor

Re: dhcp-snooping and arp-protection trusted ports versus LACP

I am bringing things back from the dead today .....

Dynamic LACP sounds great in theory then all the limitations kick in

must use GVRP for VLAN trunks
can't use DHCP Snooping
can't use ARP Protection
can't use anything that relies on knowing the TRKX number as the DYNX is Dynamic .. hence the name
many more ...

Pros

Makes the configs soooo simple for trunks

interface X
   name "My Interface"
   lacp active
   exit
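
The situation discussed in this thread (a trusted uplink port that loses its trust once it joins a dynamic LACP trunk) can be caught by auditing a saved config before ports are bundled. The Python check below is an added example, not code from any poster or from the switch vendor; it assumes a ProCurve-style text config with numeric port names, and the sample config is constructed.

```python
import re

# Constructed sample config (not from the thread). Ports 23-24 are trusted
# uplinks; port 24 also runs dynamic LACP, so its trust would not carry over
# to the DynX trunk. trk1 is a static LACP trunk trusted by name.
SAMPLE_CONFIG = """\
dhcp-snooping trust 23-24
arp-protect trust 23,24
trunk 21-22 trk1 lacp
dhcp-snooping trust trk1
interface 23
   name "Uplink A"
   exit
interface 24
   name "Uplink B"
   lacp active
   exit
"""

def expand_ports(spec):
    """Expand a port list such as '21-22,24,trk1' into a set of port names."""
    ports = set()
    for item in (i.strip() for i in spec.split(",")):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        if m:  # numeric range (assumption: ports are plain numbers)
            ports.update(str(n) for n in range(int(m[1]), int(m[2]) + 1))
        elif item:
            ports.add(item.lower())
    return ports

def audit(config):
    """Return {port: [features]} for trusted ports that use dynamic LACP."""
    trusted, dynamic, current = {}, set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.fullmatch(r"(dhcp-snooping|arp-protect) trust (\S+)", line)
        if m:
            for port in expand_ports(m[2]):
                trusted.setdefault(port, set()).add(m[1])
        elif line.startswith("interface "):
            current = line.split()[1].lower()   # entering an interface block
        elif line == "exit":
            current = None
        elif current and re.fullmatch(r"lacp (active|passive)", line):
            dynamic.add(current)                # per-port dynamic LACP
    return {p: sorted(trusted[p]) for p in sorted(dynamic) if p in trusted}

if __name__ == "__main__":
    for port, features in audit(SAMPLE_CONFIG).items():
        print(f"port {port}: trust for {', '.join(features)} is lost if a Dyn trunk forms")
```

Any port the audit reports is a candidate for the static trunk approach mentioned in the replies, with the trust statements applied to the trunk name instead of the member ports.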