[c-nsp] dai / dhcp snooping bug
Mike
mike-cisconsplist at tiedyenetworks.com
Mon Aug 10 12:38:41 EDT 2015
On 08/10/2015 08:21 AM, Antoine Monnier wrote:
> so, for my own understanding, are we saying unicast DHCP refresh is
> still handled ok by the DHCP snooping feature?
> Is it more a problem of DHCP server restart and/or switch reload?
>
> Thanks!
>
The problem is that, if an entry is not in the switch dhcp snooping
database, and the clients are using unicast DHCP, that is not enough to
get an entry into the dhcp snooping database. It also doesn't appear to
be enough to 'refresh' the lease timer either. Combined with dynamic arp
inspection, this is a bigger problem since those clients then will be
blocked from using arp and thus can't talk to anyone. It appears this
would not be an issue for a switch with a populated database that is
reloaded provided you use the "ip dhcp snooping database ..." command.
The open question for me is, how did I get to a place where my clients
were all talking but the switch database expired bunches of entries and
causing the afterforementioned side effects with dai?
Mike-
More information about the cisco-nsp
mailing list