08-08-2023 12:05 PM
Hi All,
I'm looking at running Dynamic ARP Inspection (DAI) as well as IP Source Guard (IPSG) on our network. I understand DAI and IPSG both utilize/reference the DHCP snooping database/table. We don't utilize DHCP anywhere on this network, so is it possible to simply enable DHCP snooping globally on the switch(es) while not actually having a DHCP server configured, and thus not actually having any DHCP traffic on this network?
The switches in use are Nexus 9300 as well as Catalyst 9300.
Thanks for any/all info!
-Issac
08-08-2023 01:00 PM
It appears my question was answered in a thread about ARP ACLs, "Applying ARP ACLs for DAI Filtering - Cisco Community", at least from a DAI perspective. IPSG apparently also allows for manual IP bindings on that front: "Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.3(x) - Configuring IP Source Guard [Cisco Nexus 9000 Series Switches] - Cisco".
08-08-2023 01:02 PM
If anyone knows of a hole in the plan, let me know; otherwise it appears I can use manual IP-MAC bindings for IPSG and ARP ACLs for DAI on our Nexus 9k switches.
08-10-2023 06:06 AM
Unfortunately, the above DAI info doesn't seem to apply to Nexus 9300 switches - still looking for info if anyone happens to have a Nexus solution for DAI without DHCP + DHCP snooping for dynamic ARP inspection.