You're looking at DHCP Snooping in the wrong light. Once clients get their IP address, DHCP's job is done, so Snooping won't affect traffic. When it comes time to renew the IPs, the snooping database will repopulate and it'll be business as usual. If you're looking to kill traffic that is not in the database, then you need the extra features like DARP Inspection and Source guard.

Cheers,
Donald Robb
Productive Networks / Network Consultant
CCIE Written, CCIP, CCSP, CCDP, CCNP: R&S/Security, CCNA: DC/Voice, JNCIP, SCP, MCSA 2012, VCA-DCV, CCA: XenApp 6, Security+, CCSE.R65, PACE

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Taqdir Singh
Sent: July 22, 2014 9:02 PM
To: [email protected]
Subject: [OSL | CCIE_RS] DHCP Snooping

Hi Team,

DHCP Snooping creates a snooping database with the help of DHCP packets flowing through, but once the switch is rebooted, by default the database is lost, but clients will still have the IP address.

So my question is.. now in this case the switch won't have the DHCP binding database.. will the client still be able to communicate and do normal work? If yes.. then what is the benefit of keeping the DHCP snooping binding table? I think if it just drops DHCP offer/ack packets on untrusted ports, that's good.. but why does it create an entry in the binding table?

--
_______________________________________________
Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
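
The behaviour discussed in this thread, as an added example that is not from either poster: a toy Python model of an access switch showing that snooping alone only filters DHCP server replies, while the binding table matters once a feature that enforces it (DAI, Source Guard) is enabled. The port names, MAC and IP addresses are constructed, and matching on port + MAC + IP is a simplifying assumption, not how any particular switch implements these checks.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Toy access switch: DHCP snooping, optionally enforcing its bindings."""
    trusted_ports: set
    enforce: bool = False      # stands in for DAI + Source Guard (assumption)
    bindings: dict = field(default_factory=dict)   # (port, mac) -> leased ip

    def dhcp_reply(self, in_port, msg_type, client_port, client_mac, ip=None):
        # Snooping proper: server messages are accepted only on trusted ports.
        if in_port not in self.trusted_ports:
            return "drop"
        if msg_type == "ACK":  # learn the lease handed to the client
            self.bindings[(client_port, client_mac)] = ip
        return "forward"

    def _check(self, port, mac, ip):
        # Without an enforcing feature the table is never consulted.
        if port in self.trusted_ports or not self.enforce:
            return "forward"
        return "forward" if self.bindings.get((port, mac)) == ip else "drop"

    def ip_packet(self, port, mac, src_ip):        # Source Guard style check
        return self._check(port, mac, src_ip)

    def arp_packet(self, port, sender_mac, sender_ip):   # DAI style check
        return self._check(port, sender_mac, sender_ip)

    def reboot(self):
        self.bindings.clear()  # default case from the thread: table not kept

def scenario(enforce):
    """Run the reboot question from the thread; return each step's verdict."""
    sw = Switch(trusted_ports={"Gi0/24"}, enforce=enforce)
    client = ("Gi0/1", "aa:aa:aa:aa:aa:01")        # constructed sample client
    out = {"rogue_offer": sw.dhcp_reply("Gi0/2", "OFFER", *client)}
    sw.dhcp_reply("Gi0/24", "ACK", *client, ip="10.0.0.10")
    out["before_reboot"] = sw.ip_packet(*client, "10.0.0.10")
    out["spoofed_src"] = sw.ip_packet(*client, "10.0.0.99")
    sw.reboot()
    out["after_reboot_ip"] = sw.ip_packet(*client, "10.0.0.10")
    out["after_reboot_arp"] = sw.arp_packet(*client, "10.0.0.10")
    sw.dhcp_reply("Gi0/24", "ACK", *client, ip="10.0.0.10")   # lease renewal
    out["after_renew"] = sw.ip_packet(*client, "10.0.0.10")
    return out

if __name__ == "__main__":
    for mode in (False, True):
        print("enforce =", mode, scenario(mode))
```

With `enforce=False` the client keeps working straight through the reboot; with `enforce=True` its traffic is dropped after the reboot until the next ACK repopulates the binding.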
