Hi, > I've just now discovered a cli command - 'ip dhcp snooping binging > ....' - which allows me to directly inject the needed information. > This would solve my short term problem and let me get back to a > reasonably well populated dhcp snooping table, but the question > becomes, is this going to just be what I do if this issue crops up > again or is there any configuration work I could do that would make > the switch able to maintain this table itself?
IIRC you need to have the switch see the full original DHCP request and not just the half-time refresh....which makes DAI quite painful because if the switch has reloaded, then clients that stay up will end up failing UNLESS you save the state to flash before a reload. static systems on the ports also cause pain as they need to be added manually (or you can turn off the security features for that port but then you're opening up attacks via that port....especially bad if its on the same VLAN as the other protected ports!). ip dhcp snooping database is the option for saving/recording the translations (flash, URL, TFTP etc) alan _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/