It seems that this message did not make it into the group (Google does not show it), so I repeat.
Please consider the following setup (use a fixed width font):
CustomerB | Server -Fe0/1- SwitchA -Fe0/2- SwitchB - CustomerA | CustomerC
I enable DHCP snooping on SwitchA and mark port Fe0/1 as trusted. Everything works fine for the customers.
However, as soon as I enable DHCP snooping on SwitchB also, SwitchA refuses to forward DHCP requests from CustomerA to Server because:
SwitchA: DHCP_SNOOPING: drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPREQUEST
On SwitchA, I tried to mark Fe0/2 also as trusted, but this causes a broadcast storm of DHCPREQUESTs (it seems that SwitchA receives a DHCPREQUEST from CustomerA via Fe0/2 and forwards it back to Fe0/2 because it is a trusted port).
Any ideas how I could protect the whole switched network from rogue DHCP servers? There is only one authorized DHCP server (the Server behind SwitchA).
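
Added example (not part of the original post): a Python model of the check named in SwitchA's log line, run over constructed DHCP packets. It assumes that SwitchB, once snooping is enabled there, inserts option 82 into CustomerA's request while leaving giaddr at zero; the function names, MAC addresses and circuit ID are made up for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255

def build_request(chaddr, giaddr=bytes(4)):
    """Constructed sample: broadcast DHCPREQUEST as sent by a client."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), giaddr, chaddr, b"", b"")
    return hdr + MAGIC + bytes([OPT_MSG_TYPE, 1, 3, OPT_END])  # 3 = DHCPREQUEST

def insert_option82(pkt, circuit_id, remote_id):
    """Assumed SwitchB behaviour: add relay agent information before the END option."""
    sub = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    return pkt[:-1] + bytes([OPT_RELAY_INFO, len(sub)]) + sub + pkt[-1:]

def parse_options(pkt):
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def snooping_verdict(pkt, port_trusted):
    """Model of the logged rule: untrusted port + (non-zero giaddr or option 82) = drop."""
    opts = parse_options(pkt)
    suspicious = pkt[24:28] != bytes(4) or OPT_RELAY_INFO in opts  # giaddr is bytes 24..27
    return "drop" if suspicious and not port_trusted else "forward"

# Constructed sample data (MAC addresses and port name are placeholders)
CLIENT = build_request(bytes.fromhex("020000000a01"))
VIA_SWITCHB = insert_option82(CLIENT, b"Fa0/3", bytes.fromhex("020000000b00"))

if __name__ == "__main__":
    for name, pkt, trusted in [("client request, untrusted port", CLIENT, False),
                               ("after SwitchB, Fe0/2 untrusted", VIA_SWITCHB, False),
                               ("after SwitchB, Fe0/2 trusted", VIA_SWITCHB, True)]:
        print(f"{name}: {snooping_verdict(pkt, trusted)}")
```
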