Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
499
Views
4
Helpful
2
Replies

DHCP Snooping and DAI

Go to solution
Darrell Lawson Jr
Level 1
Level 1

‎01-23-2012 11:06 AM - edited ‎03-07-2019 04:30 AM

Hello,

I am looking into implementing DHCP Snooping and Dynamic Arp Inspection into my network but I am a little confused. Here is my layout:

1. One 6509 running as the DHCP server and the dhcp database is saved to flash

2. Five 3500 switches each with a connection to the 6509 that support dhcp clients

I understand that DAI must reference the dhcp database to funtion so my question is this. Once DAI is configured on the 3500's, is it possible to point them to reference the dhcp database that lives in the 6509 flash?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎01-23-2012 01:13 PM

HI,

DAI is referencing the DHCP snooping database which is not the DHCP database.

The DHCP snooping database is constructed when clients get a DHCP leased address because the switch where DHCP snooping is configured is looking at the DHCP messages and so knows the MAC address of the client, the port where it is and the IP it got.

Don't forget to rate if helpful.

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎01-23-2012 01:13 PM

HI,

DAI is referencing the DHCP snooping database which is not the DHCP database.

The DHCP snooping database is constructed when clients get a DHCP leased address because the switch where DHCP snooping is configured is looking at the DHCP messages and so knows the MAC address of the client, the port where it is and the IP it got.

Don't forget to rate if helpful.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎01-23-2012 01:32 PM

Hello,

Just make sure the Interconnection between the Switches are configured as TRUSTED interfaces to bybass the validation check just like when you do the same with DHCP Snooping. the command is (ip arp inspection trust) interface command.

and You typically leave all host ports as untrusted ports.

Regards,

Mohamed

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card