[c-nsp] Performance - IP DHCP Snooping

Brandon Applegate brandon at burn.net
Sun Aug 14 12:26:04 EDT 2011


On Sun, 14 Aug 2011, Alexander Clouter wrote:

> * Andrew Miehs <andrew at 2sheds.de> [2011-08-14 17:20:35+0200]:
>>
>> On 14/08/2011, at 12:56 PM, Alexander Clouter wrote:
>>> Two gotchas:
>>> * 'ip dhcp snooping database flash:dhcp-snoop.db', so that if the
>>> 	switch reboots all the clients do not get locked out
>>
>> I don't understand why you would require storing this data?
>>
>> The dhcp servers are on the trusted ports - and clients are all on untrusted.
>> What more information needs to be stored?
>>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/snoodhcp.html#wp1090370
>
> Switch reloads occur for many reasons (power failures, IOS updates, etc)
> and you do not want all the workstations hanging off that switch being
> dead in the water when/if they do not renew their lease...
>

My understanding is that by itself - DHCP snooping doesn't require this. 
Your workstations will not be 'dead in the water'.  The switch will simply 
have an empty table upon boot and rebuild as renewals etc. flow.  User 
traffic itself will be unaffected.

But if you also run DAI - then this is required and the situation you 
present would manifest.  Personally I do the tracking anyway - even if not 
enabling DAI initially.  This way if DAI is added in the future it's one 
less thing to check off the list of prerequisites.

--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
7407 DC86 AA7B A57F 62D1 A715 3C63 66A1 181E 6996
"SH1-0151.  This is the serial number, of our orbital gun."
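The two situations Brandon describes, as an added Catalyst IOS configuration example that is not part of the original thread (VLAN 10, the interface name, the write-delay value and the database filename are assumed):

```cisco
! Added example, not from the original thread. VLAN 10, the uplink
! interface, the write-delay and the database filename are assumptions.
!
! Case 1: DHCP snooping alone. Losing the binding table on reload does
! not affect user traffic; the table simply rebuilds as clients renew.
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet1/0/48
 description uplink toward the DHCP servers (trusted)
 ip dhcp snooping trust
!
! Case 2: DAI added on top. ARP from untrusted ports is now validated
! against the snooping binding table. After a reload that table is empty,
! so clients' ARP is dropped until they renew, unless the bindings were
! persisted to flash and restored by the database agent.
ip dhcp snooping database flash:dhcp-snoop.db
ip dhcp snooping database write-delay 60
ip arp inspection vlan 10
!
interface GigabitEthernet1/0/48
 ip arp inspection trust
!
! Checks after a reload (show output paraphrased, not verbatim):
! show ip dhcp snooping database   -> agent URL flash:dhcp-snoop.db, agent running
! show ip dhcp snooping binding    -> entries restored rather than an empty table
! show ip arp inspection statistics vlan 10  -> DHCP-drop counters not climbing
```

Enabling the database agent before DAI is what makes the later DAI rollout safe, which is the prerequisite the post refers to.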