05-07-2015 01:15 PM - edited 03-07-2019 11:55 PM
Hi,
I am planning to implement dhcp snooping. The main purpose is to fence off the rogue (spurious) DHCP servers (such as the home routers accidentally plugged into the network).
I know, DAI (Dynamic ARP Inspection) and IP source guard depending on the 'dhcp snooping database' to function properly. But we are not looking to implement these two functions.
My question is if we don't need 'DAI', neither 'IP source guard', is it a must to configure dhcp snooping data base? Or it is only optinal?
Thanks.
05-07-2015 02:21 PM
The database-agent is optional but highly recommended if you need to rely on the content of the database. Based on your needs, the database is not really used as all you need is the function of a trusted or untrusted port. I would say you can skip it without any problems.
05-07-2015 08:54 PM
Thank you Karsten for the analysis.
I will keep this open for a while and let others to comment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide