received DHCP server message on untrusted port?

Hello

we are using a CRS328-24P-4S+ (FW long term 6.48.6) and have a question about “DHCP Snooping”.

I understood that only the port where the DHCP server hangs needs to be set to trusted. In our case DHCP server is connected to port 1.

DHCP snooping is enabled
ether1 (trusted port): Ubuntu DHCP Server (isc-dhcp-server)
ether4 (untrusted port): connected to (WLAN) access point

There is no DHCP server on the access point (ether4), it is configured as bridge mode.

Sometimes the following message appears in the log:
“ether4: received DHCP server message on untrusted port…”.

Did I miss something? Does ether4 on which the access point is connected also have to be marked as trusted port?

This message indicates that the switch received a message coming from a DHCP server ( probably a DHCP offer ) located to an untrusted port…
If it is not the AP itself using a DHCP server then it is a client connected to that AP…

This is just a warning message… Since snooping is enabled the switch will block all DHCP Offer/ACK messages coming to untrusted ports…

I have checked again. There is no DHCP server on the WLAN client either.
ether4: received DHCP server message on untrusted port from source IP 0.0.0.0, MAC xx:xx…

The MAC "xx:xx…"address shown is my second PC connecting via WLAN. It also gets an IP address. I can not explain why it comes to the message sometimes.

Can you /export hide-sensitive the switch configuration ?

Nope. The request was never sent to the server to begin with, and the port connected to the server is marked as trusted. I’m not even seeing DHCP packets get forwarded through the LAN bridge from other devices.