[c-nsp] Possible to implement DHCP snooping and DAI in UCS environment?

Nick Hilliard nick at foobar.org
Sun Dec 11 10:34:59 EST 2011


On 10/12/2011 02:38, David Hubbard wrote:
> I was curious if anyone knows if it's possible to
> implement DAI (and its prerequisite dhcp snooping)
> in a UCS/vmware environment?

I think you'll need to run the N1k virtual switch in order to implement that:

> http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/security/configuration/guide/n1000v_security_13arpinspect.html#wp1329463

If I were you, I would think very hard before implementing N1K in your VM
environment.  Although it has lots of nice bells and whistles and makes a
pleasant change from the feature-free vmware switching environment, it is a
cow to maintain.  Check out the 45 page upgrade guide for NXOS 4.2:

> http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/upgrade/software/guide/n1000v_upgrade_software.html

In fact, it looks like it's been simplified by scripting chunks of the
compatibility matrices that they used to supply with previous version.

Nick



More information about the cisco-nsp mailing list