Hi Friends,

i have a production network environment where i want to implement dhcp snooping and DAI. My setup is as below-

i have 35xx series switch at edge and 2 x 65xx series switcehs at the core. All edge swithc has 2 upink to the 2 core switches. STP is ruunig in the network, core switch 1 is configured as the primary root for all the valns and core switch 2 secondary root. An ether-channel is runnig between 2 core switches. Below are the stp commnds i run in both edge and core switches (uplinkfast is not runnig in the core switches)

spanning-tree mode pvst

spanning-tree loopguard default

spanning-tree uplinkfast

!

interface FastEthernet0/1

description *** User-Vlan-01 ***

switchport access vlan 10

switchport mode access

switch-port port-security

switch-port port-security aging time 300

switch-port port-security violation restrict    

spanning-tree portfast

spanning-tree bpduguard enable

Below are my querries-

1) Do i need to run any other stp related commands in the edge as well core switches in a typical production network?

Now i need to enable dhcp snooping and ARP inspection in my network. One point to mention is that there is a FWSM module in the core switch and the network setup is like FWSM>MSFC>Router. All the Vlans (User Vlan and Server Vlan) are the layer 3 interface of the FWSM. outside of the fwsm

connects to the MSFC.

My querry is -

2) What are the things i should take care before i implement dhcp snooping and DAI normally in a production LAN

3) Do i need to do any thing in the FWSM ? If YES, what are the things i should do ?

Appreciate your valuable inputs ASAP

Thanks and Regards

JCB