04-23-2007 05:13 AM - edited 03-05-2019 03:36 PM
Hi
We would like to implement DHCP Snooping in the UserAccess-Layer of our LAN. But as our printers use static IP addresses, and our Workplace-Mgmt does not want to mess with the IOS CLI, we should provide them the possibility to enable and disable IP Source Guard with a web interface which configures the switches via SNMP.
Unfortunately, the implementation of the DHCP-Snooping-MIB seems to be incomplete on the c3560: some OIDs give an answer, but neither cdsIfSrcGuardFilterType (1.3.6.1.4.1.9.9.380.1.6.1.1.2, current) nor cdsIfSrcGuardEnable (1.3.6.1.4.1.9.9.380.1.6.1.1.1, deprecated) gives any answer on snmpwalk or reacts to snmpset.
We use c3560-ipservicesk9-mz.122-25.SEE3.bin, same problem on c3560 and c3560G.
Is there any other way to enable/disable IP Source Guard via SNMP, or is it planned to complete the DHCP-Snooping-MIB in one of the upcoming IOS-Releases for the c3560?
Thanks and greetings from Switzerland
04-27-2007 10:30 AM
DHCP snooping is to filter untrusted DHCP messages between untrusted DHCP client and server. Refer URL
04-30-2007 02:58 AM
DHCP Snooping does more than that: it also creates a database which is used by IP Source Guard, preventing man-in-the-middle attacks. If you don't have DHCP Snooping enabled, you would have to allow the MAC addresses by manually configuring them for each interface (ip source binding), which would be a nightmare to operate. That's why IP Source Guard is integrated into the DHCP-Snooping-MIB.
So to better declare our problem (I am in the same department as bbo): it is not the DHCP-Snooping which we care about, but controlling IP Source Guard via SNMP.
According to Cisco's SNMP object navigator, this should be included in the DHCP-Snooping-MIB, except that it's not, at least not on Catalyst 3650 with current IOS.
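The relationship between DHCP Snooping, static bindings and IP Source Guard described in this thread, as an added CLI configuration sketch that is not part of the original posts. The VLAN number, interface names, MAC address and IP address are constructed placeholders.

```cisco
! Constructed example values: VLAN 10, interface names, MAC and IP are placeholders.
!
! 1. Enable DHCP Snooping globally and on the user VLAN.
!    This builds the binding database that IP Source Guard consults.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! 2. Trust only the port that leads towards the DHCP server.
interface GigabitEthernet0/1
 description Uplink towards DHCP server (assumed)
 ip dhcp snooping trust
!
! 3. DHCP client port: IP Source Guard filters on the learned binding.
interface FastEthernet0/5
 description User workstation (DHCP)
 switchport mode access
 switchport access vlan 10
 ip verify source
!
! 4. Printer port with a static address: no DHCP exchange is ever seen,
!    so a static binding must exist or the port's IP traffic is dropped.
interface FastEthernet0/7
 description Printer with static IP
 switchport mode access
 switchport access vlan 10
 ip verify source
!
ip source binding 0000.5e00.5301 vlan 10 192.0.2.50 interface FastEthernet0/7
!
! Verification from privileged EXEC:
!   show ip dhcp snooping binding
!   show ip source binding
!   show ip verify source
```

Enabling `ip verify source` on a printer port before its static binding exists cuts the printer off, which is the ordering a web front end for this task would have to enforce.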