cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
402
Views
0
Helpful
2
Replies

[solved] DHCP snooping in environment with core and access switches

Marian Hercek
Level 1
Level 1

Hello,

I'd like to know what steps are needed to configure DHCP snooping in my environment:

1) two core switches Catalyst 6500 (VSS): VLAN defined here, DHCP server connected here

2) access switches Catalyst 3750: clients connected here

Access switches are connected to core ones via trunk ports (fiber optics).

 

How many snooping databases are required?  One for core and next for each stack?

 

 

 

1 Accepted Solution

Accepted Solutions

Peter Paluch
Cisco Employee
Cisco Employee

Hi Marian,

If your network is properly designed and connected so that clients, including DHCP clients, are attached to the access layer switches, then the DHCP Snooping should be run only on access switches. Running DHCP Snooping on core switches is not going to increase the security because the DHCP communication has already been sanitized on the access layer.

If you intend to save the DHCP Snooping database then each switch performing the DHCP Snooping needs to have its own database if you intend to use a persistent storage for it. However, you can always have the switch to save the database to its own FLASH, alleviating the need for a centralized networked storage.

I am not sure if this answers your question so please feel welcome to ask further.

Best regards,
Peter

View solution in original post

2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

Hi Marian,

If your network is properly designed and connected so that clients, including DHCP clients, are attached to the access layer switches, then the DHCP Snooping should be run only on access switches. Running DHCP Snooping on core switches is not going to increase the security because the DHCP communication has already been sanitized on the access layer.

If you intend to save the DHCP Snooping database then each switch performing the DHCP Snooping needs to have its own database if you intend to use a persistent storage for it. However, you can always have the switch to save the database to its own FLASH, alleviating the need for a centralized networked storage.

I am not sure if this answers your question so please feel welcome to ask further.

Best regards,
Peter

Thanks Peter.

It works fine.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco