01-23-2012 11:06 AM - edited 03-07-2019 04:30 AM
Hello,
I am looking into implementing DHCP Snooping and Dynamic ARP Inspection in my network, but I am a little confused. Here is my layout:
1. One 6509 running as the DHCP server, and the DHCP database is saved to flash
2. Five 3500 switches, each with a connection to the 6509, that support DHCP clients
I understand that DAI must reference the DHCP database to function, so my question is this: once DAI is configured on the 3500's, is it possible to point them to reference the DHCP database that lives in the 6509 flash?
01-23-2012 01:13 PM
Hi,
DAI is referencing the DHCP snooping database which is not the DHCP database.
The DHCP snooping database is constructed when clients get a DHCP leased address because the switch where DHCP snooping is configured is looking at the DHCP messages and so knows the MAC address of the client, the port where it is and the IP it got.
Don't forget to rate if helpful.
Regards.
Alain
01-23-2012 01:32 PM
Hello,
Just make sure the interconnections between the switches are configured as TRUSTED interfaces to bypass the validation check, just like you do with DHCP Snooping. The command is the (ip arp inspection trust) interface command.
You typically leave all host ports as untrusted ports.
Regards,
Mohamed
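
The two replies above combined into one access-switch configuration, as an added example that is not part of the original thread: the switch builds its own snooping bindings, DAI checks ARP against them, and only the uplink is trusted. VLAN 10, the interface names, the ACL name and the static host's addresses are assumptions chosen for illustration.

```cisco
! On each access switch (the 3500s). VLAN 10 is an assumed client VLAN.
! DHCP snooping builds the local binding table (MAC, IP, VLAN, port)
! from the DHCP exchanges this switch forwards.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! DAI validates ARP received on untrusted ports against that table.
ip arp inspection vlan 10
!
! Uplink toward the 6509 (assumed interface name): trusted for both
! features, so DHCP server replies are accepted and ARP is not inspected.
interface GigabitEthernet0/1
 description Uplink to 6509
 ip dhcp snooping trust
 ip arp inspection trust
!
! Host ports (assumed range): no trust commands, so they stay untrusted,
! which is the default.
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
!
! A host with a static address never appears in the snooping table, so
! its ARP would be dropped on an untrusted port. An ARP ACL permits it.
! The IP and MAC below are constructed sample values.
arp access-list STATIC-HOSTS
 permit ip host 10.0.10.5 mac host 0011.2233.4455
ip arp inspection filter STATIC-HOSTS vlan 10
!
! Verification, from privileged EXEC:
!   show ip dhcp snooping binding
!   show ip arp inspection vlan 10
```

Clients that already hold a lease when snooping is enabled have no binding until they renew, so check the binding table with the first show command before relying on DAI for that VLAN.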