I have a production network environment where I want to implement DHCP snooping and DAI. My setup is as below:
I have 35xx series switches at the edge and 2 x 65xx series switches at the core. All edge switches have 2 uplinks to the 2 core switches. STP is running in the network; core switch 1 is configured as the primary root for all the VLANs and core switch 2 as the secondary root. An EtherChannel is running between the 2 core switches. Below are the STP commands I run on both edge and core switches (uplinkfast is not running on the core switches):
spanning-tree mode pvst
spanning-tree loopguard default
description *** User-Vlan-01 ***
switchport access vlan 10
switchport mode access
switchport port-security aging time 300
switchport port-security violation restrict
spanning-tree bpduguard enable
Below are my queries:
1) Do I need to run any other STP-related commands on the edge as well as core switches in a typical production network?
Now I need to enable DHCP snooping and ARP inspection in my network. One point to mention is that there is an FWSM module in the core switch and the network setup is like FWSM>MSFC>Router. All the VLANs (User VLAN and Server VLAN) are the layer 3 interfaces of the FWSM. The outside of the FWSM connects to the MSFC.
My query is:
2) What are the things I should take care of before I implement DHCP snooping and DAI normally in a production LAN?
3) Do I need to do anything in the FWSM? If YES, what are the things I should do?
Appreciate your valuable inputs ASAP
Thanks and Regards