[c-nsp] dai / dhcp snooping bug

Mike mike-cisconsplist at tiedyenetworks.com
Mon Aug 10 12:38:41 EDT 2015

On 08/10/2015 08:21 AM, Antoine Monnier wrote:
> so, for my own understanding, are we saying unicast DHCP refresh is 
> still handled ok by the DHCP snooping feature?
> Is it more a problem of DHCP server restart and/or switch reload?
> Thanks!
The problem is that, if an entry is not in the switch dhcp snooping 
database, and the clients are using unicast DHCP, that is not enough to 
get an entry into the dhcp snooping database. It also doesn't appear to 
be enough to 'refresh' the lease timer either. Combined with dynamic arp 
inspection, this is a bigger problem since those clients then will be 
blocked from using arp and thus can't talk to anyone. It appears this 
would not be an issue for a switch with a populated database that is 
reloaded provided you use the "ip dhcp snooping database ..." command. 
The open question for me is, how did I get to a place where my clients 
were all talking but the switch database expired bunches of entries and 
causing the afterforementioned side effects with dai?


More information about the cisco-nsp mailing list