07-08-2019 09:18 PM
I have a new ISE POC going and was testing ISE/dot1x functionality without DHCP snooping. In past deployments the customers have either been open to enabling snooping, or already had it in use. Before saying it is a hard requirement, I have taken a minimalist approach testing without snooping. DHCP information is expectantly missing from the device sensor cache, but so far everything works as it should.
ISE is still receiving DHCP information via IP helpers, and the authentication sessions still have an IP assigned presumably via IP device tracking.
Some docs say snooping is optional, other say it's mandatory. With the combination of IP helpers and IP device tracking, what would we miss if DHCP snooping wasn't implemented to enable the DHCP device sensor?
Solved! Go to Solution.
07-09-2019 12:17 AM
https://community.cisco.com/t5/policy-and-access/ise-and-dhcp-snooping/td-p/2473425
M.
07-09-2019 12:17 AM
https://community.cisco.com/t5/policy-and-access/ise-and-dhcp-snooping/td-p/2473425
M.
07-09-2019 12:43 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide