If I had a dhcp database on a server and configured on the switch as a tftp location, what would the outcome be if one person on switch 1 moved to another jack on switch 3. Both ports that the user connects to on each switch are configured as untrusted. Technically, the user would have an entry in the database for switch 1: port number. Will that user be able to pass traffic through switch 3 when connected to it? I'm thinking no, unless the dhcp database allows for multiple entries for the same mac/ip address. I'm thinking more along the lines of a user leaving their office and then making a connection to a conference room. I don't want to trust all of these ports if not needed.
Also, how do you handle your dhcp database? Do you use a tftp server or flash? I was going to use flash, but the databases can't (possibly) be shared between switches outside of setting up a tftp server on one of them. Do you use external databases and how well do they work?
I noticed that the dhcp binding is still listed in the switch even though it writes the binding to the database at the server.
Right, the binding file on the server is only a kind of backup, which will be loaded by the switch after a switch reload.
I wonder what happens if the server becomes unavailable for some reason.
If I remember correctly, the switch will generate a syslog message to inform about such conditions.
As long as the switch doesn't reload, no problem at all. And as long as you don't enable DAI and/or IPSG, I wouldn't even expect any problem after a reload. To my best knowledge, missing entries in the binding table shouldn't have any impact on clients on untrusted interfaces if you only enabled DHCP snooping.
So I guess you can relax for the rest of the weekend ;-)
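As an added illustration of the options discussed (not configuration posted by anyone in this thread): a Cisco IOS DHCP snooping setup with the binding database either in flash or on a TFTP server, a single trusted uplink and untrusted user ports. The server address 192.0.2.10, the file names, VLAN 10 and the interface numbers are assumed placeholders.

```cisco
! Added example, not from the thread: DHCP snooping with the binding database
! in local flash (per switch) or on a TFTP server. 192.0.2.10, the file names,
! VLAN 10 and the interface numbers are placeholders.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Option A: keep the binding database in local flash, one file per switch.
ip dhcp snooping database flash:/dhcp-snooping-sw1.db
!
! Option B: write it to a TFTP server instead. Use a distinct file name per
! switch: each agent writes its whole table and would overwrite a shared file.
! ip dhcp snooping database tftp://192.0.2.10/dhcp-snooping-sw1.db
!
! Batch binding changes for 60 s before writing; abort a stuck write after 300 s.
ip dhcp snooping database write-delay 60
ip dhcp snooping database timeout 300
!
! Uplink towards the DHCP server: the only port allowed to send server replies.
interface GigabitEthernet1/0/48
 description uplink-to-core
 ip dhcp snooping trust
!
! User-facing ports stay untrusted (the default); rate-limit DHCP to contain a
! misbehaving client. With snooping alone, a user who moves to another switch
! is not filtered there; the next DHCP exchange creates a binding on that switch.
interface range GigabitEthernet1/0/1 - 47
 ip dhcp snooping limit rate 10
!
! Verification: current bindings, and the database agent's state (last
! successful and failed write, failure reason, whether the URL was reachable).
! show ip dhcp snooping binding
! show ip dhcp snooping database
```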