I am looking to enable DHCP snooping on my Core EX3300 Virtual Chassis with no downtime for end users. My question is regarding what interfaces will be trusted and untrusted and if my clients will still be able to reach the DHCP server when I turn the protocol on. My topology is as follows:
Core EX3300 Virtual Chassis that acts as both the aggregation and access layer. All clients are connected to this switch and are included within one of three vLANs that include an RVI for routing.
EX4550 Virtual Chassis connected to the physical server hosts. A dedicated vLAN with an RVI is used to connect this switch with the Core via OSPF. The DHCP servers reside on a fifth vLAN with an RVI that originates from this EX4550 VC.
The Core switch uses the bootp relay-agent-options to provide DHCP to the client vLANs
I understand that DHCP-Snooping will need to be activated at the vLAN level on the Core switch. I know DHCP-Snooping automatically marks trunk links as trusted. I am under the impression that DHCP-Snooping will understand that the DHCP server is communicating via L3 will snoop and allow traffic.
Can I just enable DHCP-Snooping on the client vlans? or do I need to mark the vlan connecting the Core and Server switches as trusted? I know I can just turn it on and commit confirmed to see what happens but I figured I would check here to see if anyone know the answer.