On 08/10/2015 06:42 AM, [email protected] wrote:
Hi,

I've just now discovered a cli command - 'ip dhcp snooping binding
....' - which allows me to directly inject the needed information.
This would solve my short term problem and let me get back to a
reasonably well populated dhcp snooping table, but the question
becomes, is this going to just be what I do if this issue crops up
again or is there any configuration work I could do that would make
the switch able to maintain this table itself?
IIRC you need to have the switch see the full original DHCP request
and not just the half-time refresh....which makes DAI quite painful
because if the switch has reloaded, then clients that stay up will end up
failing UNLESS you save the state to flash before a reload.  Static systems
on the ports also cause pain as they need to be added manually
(or you can turn off the security features for that port but then you're opening
up attacks via that port....especially bad if it's on the same VLAN as
the other protected ports!).

ip dhcp snooping database    is the option for saving/recording the translations
(flash, URL, TFTP etc)

alan


Actually, I have that already and yes it works and yes it reloaded the db when I reloaded when trying out the SE7 code. My issue is that due to some reason I still don't comprehend, the snooping database was seriously out of whack and the clients were only doing that half time refresh, which wasn't enough to let this ship right itself. Still trying to understand how this came to be.

Thank you.


_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/