cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
403
Views
1
Helpful
5
Replies

DHCP Snooping and Static IP Addresses

Gregman3800
Level 1
Level 1

When using DHCP Snooping along with static IP addresses I understand that you will need to add those IP addresses to the binding database for DAI and IP verify source to work.  My question is if this is worth it?  It seems like a huge pain to list all of these IP addresses and possibly MAC addresses manually.  Just wanted to know what the community thinks about this hardening requirement.  Thanks!

1 Accepted Solution

Accepted Solutions

M02@rt37
VIP
VIP

Hello @Gregman3800 

 

This approach significantly enhances network security, it involves a substantial administrative burden when static IP addresses are used, as each static IP and its corresponding MAC address must be manually added to the DHCP Snooping binding database. This task is labor-intensive and error-prone, especially in large networks, leading to potential scalability issues and the risk of misconfigurations that could disrupt network operations...

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

5 Replies 5