thanks friends. suppose if i dont want to use to DIA and source guard.. then is there any way that I dont want snooping binding database to be created because i will never use DIA
i just want dhcp snooping to drop packets based on dhcp packets only but not to create entry in binding table On Wed, Jul 23, 2014 at 8:41 AM, Ryan Jensen <[email protected]> wrote: > You can use the bindings db for dynamic arp inspection. It compares > entires in the table to the arp messages being seen. > Ex: the bindings table says IP 1.1.1.2 is on port G0/4. Someone does arp > request for 1.1.1.2 and the arp reply comes from int G0/6.... That's a > violation and the arp reply would be dropped. > You can backup the bindings db to tftp priodically and then download that > table when it boots up to restore the bindings. > > > On Tuesday, July 22, 2014, Taqdir Singh <[email protected]> wrote: > >> Hi Team, >> >> >> DHCP Snooping creates snooping database with help of DHCP packets flowing >> through >> >> >> but once switch is rebooted by default the database is lost >> >> but clients will still have the IP address. >> >> So my question is.. now in this case switch wont be having the DHCP >> binding >> database.. will client still be able to communicate and do normal work. >> >> if yes.. then what is the benifit of keeping DHCP snooping binding table ? >> >> i think if it just drops dhcp offer/ack packets on untrusted ports thats >> good.. but why it creates entry in binding table >> >> >> >> -- >> _______________________________________________ >> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >> >> iPexpert on YouTube: www.youtube.com/ipexpertinc >> > -- Thanks & regards, Taqdir Singh Ph: (+91) 8826009496 _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
