You can use the bindings db for dynamic arp inspection. It compares entires in the table to the arp messages being seen. Ex: the bindings table says IP 1.1.1.2 is on port G0/4. Someone does arp request for 1.1.1.2 and the arp reply comes from int G0/6.... That's a violation and the arp reply would be dropped. You can backup the bindings db to tftp priodically and then download that table when it boots up to restore the bindings.
On Tuesday, July 22, 2014, Taqdir Singh <[email protected]> wrote: > Hi Team, > > > DHCP Snooping creates snooping database with help of DHCP packets flowing > through > > > but once switch is rebooted by default the database is lost > > but clients will still have the IP address. > > So my question is.. now in this case switch wont be having the DHCP binding > database.. will client still be able to communicate and do normal work. > > if yes.. then what is the benifit of keeping DHCP snooping binding table ? > > i think if it just drops dhcp offer/ack packets on untrusted ports thats > good.. but why it creates entry in binding table > > > > -- > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
