[c-nsp] Possible to implement DHCP snooping and DAI in UCS environment?

David Hubbard dhubbard at dino.hostasaurus.com
Fri Dec 9 21:38:17 EST 2011

I was curious if anyone knows if it's possible to
implement DAI (and its prerequisite dhcp snooping)
in a UCS/vmware environment?  The guests are on the
same vlans as physical servers outside UCS, and that
won't change since we're doing p2v migrations, so I
think they would still be vulnerable to man in the
middle arp poisoning attacks coming from physical
servers, not sure about whether such an attack could
be launched from a vmware guest since vmware knows
what mac address each virtual nic has; it may
prevent that.



More information about the cisco-nsp mailing list