[c-nsp] Performace - IP DHCP Snooping

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Sun Aug 14 16:02:25 EDT 2011


Hi,

> Two gotchas:
>  * 'ip dhcp snooping database flash:dhcp-snoop.db', so that if the 
> 	switch reboots all the clients do not get locked out

but thats really for the ARP stuff (DAI) for if the switch reloads
and doesnt SEE any DHCP request to build up IP/MAC mappings then it
wont trust a client.....ne that didnt realise it has to ask for
a new address...... for plain DHCP snooping you dont need to worry
about the  DHCP database......as all it does is stop clients
from handing addresses out - only trusted ports can be sending
DHCP answers..

alan


More information about the cisco-nsp mailing list