[c-nsp] IP Source guard question

William Jackson wjackson at sapphire.gi
Mon Jul 9 09:18:21 EDT 2007


Hi all,

I have seen in the documentation for the IP source guard feature for the
6500 series that you are limited to ten IP addresses per port.

Do these same restrictions apply to the 4500/3750/3550 series switches,
as their documentation does not seem to indicate an IP address limit?

I wish to use a snooping device as a layer 2 edge to a large VLAN with a
lot more than 10 devices...

Also...

Implementing this type of solution, and the snooping database issues
involved with it, would seem to indicate that an HSRP/VRRP solution would
be out of the question (due to the need to share the database of the
entries).

But if the snooping database was backed up externally to a TFTP server,

e.g.:

ip dhcp snooping database tftp://x.x.x.x/snoop.db

and both HSRP/VRRP units were to share this database from the TFTP
server, would this work in an active/failover HSRP setup?

Opinions?

Cheers


