ā06-27-2022 11:19 AM
I have a 4500x at the core. My dhcp server is connected here and then I have client 2960x switches. I am seeing "bad address" in a few scopes in my DHCP server. Snooping is on and I am wondering does "trust need to be setup end to end? From the port where the dhcp server is plugged in through all trunks to the client?
If that makes sense.
thanks
ā06-27-2022 11:34 AM
Hi,
It needs to be enabled on the access switches connecting to the core and also at the 4500x where the DHCP is connected.
HTH
ā06-27-2022 11:45 AM
Hi
DHCP snooping is a security feature aimed to avoid Rogue DHCP server. So, if that is a concern, make sense then you protec all the way down to the clients. Otherwise, if you put is only on the access switch, your protection would be incomplete.
ā06-27-2022 11:49 AM
are there any FW connect to Core SW ??
if yes then
disable proxy-arp
ā07-14-2022 07:57 AM
on the core?
ā07-14-2022 08:08 AM
if there is any FW connect to core and it config with NAT, then the FW can reply to any ARP send from DHCP server for that subnet and this make client couldnot get ip from DHCP server.
ā06-28-2022 03:47 AM
DHCP BAD_ADDRESS occurs when the DHCP server is asked for an IP and it detects that the IP is in use. in the sense, that IP is already given out by the DHCP server or (rogue) DHCP server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: