Configuring ip dhcp snooping database with scp

edhanceinc
Level 1

Hi,

Just spoke to the TAC and didn't get the information needed. When configuring ip dhcp snooping database I am adding this to my configuration:

ip dhcp snooping database scp://dhcpsec@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt

I assumed that to do this I would either specify the password on the command line, similar to the way it's done when using ftp/http, or that I would need to create a public/private key.

I have enabled scp and can manually copy a file from the switch to the Linux server. So I believe I have all the aaa commands correct.

Cisco WS-C3560G-24PS

System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE.bin"

Does anyone know how to do this properly?

Thanks,

James

3 Replies

Matthew Blanshard
Cisco Employee

Hello James,

You would do it like this:

ip dhcp snooping database scp://dhcpsec:password@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt

-Matt

Hi,

Support told me I had to create a user:

username dhcpsec privilege 2 password 0 password

They said that the user created above would have to have the same password as the one on the Linux machine. They also told me there is a bug that keeps SCP from working now, and that bug has been reported fixed but isn't available for download.

Any thoughts?

James

Hi James,

Have you got NTP configured? There is an NTP dependency for copying the DHCP snooping database to work correctly.

Here (http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swdhcp82.html#wp1078853) you can find the following statement:

If NTP is configured, the switch writes binding changes to the binding file only when the switch system clock is synchronized with NTP

which means:

ntp disabled = dhcp snooping database backup works

ntp enabled, clock synchronized = dhcp snooping database backup works

ntp enabled, clock NOT synchronized = dhcp snooping database backup DOES NOT work

So you need to configure one of the following (either disable, or enable and sync) in order to copy the database via the snooping agent.


Have a nice day

P.S. I know that I do not have good timing, but maybe someone else will find this comment useful.
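
An offline audit of the configuration discussed in this thread, as an added example that is not part of any reply and is not Cisco code. It flags a password stored in the snooping database URL, local users with type 0 (cleartext) passwords, and applies the quoted NTP rule. Assumptions: the function name `audit`, the constructed sample input, that NTP counts as configured when an `ntp server` or `ntp peer` line is present, and that the first line of `show ntp status` begins with "Clock is synchronized" or "Clock is unsynchronized".

```python
import re
from urllib.parse import urlsplit

# Constructed sample input (not captured from a device); the password is a placeholder.
RUNNING_CONFIG = """\
username dhcpsec privilege 2 password 0 password
ntp server 192.168.1.1
ip dhcp snooping
ip dhcp snooping database scp://dhcpsec:password@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt
"""
NTP_STATUS = "Clock is unsynchronized, stratum 16, no reference clock"


def audit(config: str, ntp_status: str) -> dict:
    """Return findings for the snooping database agent settings in `config`."""
    findings = {"url_has_password": False, "cleartext_users": [],
                "ntp_configured": False, "agent_will_write": None}
    for line in config.splitlines():
        line = line.strip()
        # Only the URL form is matched; "database timeout" / "write-delay" are skipped.
        m = re.match(r"ip dhcp snooping database (\S+://\S+)$", line)
        if m:
            # A password in the userinfo part is stored wherever the config is stored.
            findings["url_has_password"] = urlsplit(m.group(1)).password is not None
        # "password 0" marks an unencrypted (type 0) secret on a username line.
        m = re.match(r"username (\S+) .*\bpassword 0 ", line)
        if m:
            findings["cleartext_users"].append(m.group(1))
        if re.match(r"ntp (server|peer) ", line):
            findings["ntp_configured"] = True
    # Rule quoted in the thread: with NTP configured, bindings are written
    # only while the system clock is synchronized.
    synced = ntp_status.strip().lower().startswith("clock is synchronized")
    findings["agent_will_write"] = (not findings["ntp_configured"]) or synced
    return findings


if __name__ == "__main__":
    for key, value in audit(RUNNING_CONFIG, NTP_STATUS).items():
        print(f"{key}: {value}")
```
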