I have a 4500x at the core. My dhcp server is connected here and then I have client 2960x switches. I am seeing "bad address" in a few scopes in my DHCP server. Snooping is on and I am wondering does "trust need to be setup end to end? From the port where the dhcp server is plugged in through all trunks to the client?
DHCP snooping is a security feature aimed to avoid Rogue DHCP server. So, if that is a concern, make sense then you protec all the way down to the clients. Otherwise, if you put is only on the access switch, your protection would be incomplete.
if there is any FW connect to core and it config with NAT, then the FW can reply to any ARP send from DHCP server for that subnet and this make client couldnot get ip from DHCP server.
DHCP BAD_ADDRESS occurs when the DHCP server is asked for an IP and it detects that the IP is in use. in the sense, that IP is already given out by the DHCP server or (rogue) DHCP server.
Thanks, Jitendra
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
