Cisco Support Community

New Member

DHCP Snooping Database Agent

When is it necessary to use this (DHCP Snooping Database Agent)? We are looking at enabling DHCP snooping. We have WIN2k3 DHCP servers. I don't believe we need to.

I am following this document, thanks.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/snoodhcp.html#wp1109594

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: DHCP Snooping Database Agent

Hey Anthony,

My original response is still applicable, as it is part of the minimal configuration for DHCP snooping. The database agent ensures that database entries are restored after a restart or switchover; you have to specify a place to store the binding database via the agent.

Now whether or not you can get away without using the command I'm not sure. I believe it's there for the reason stated earlier, i.e. restart/switchover. If it automatically stores the database in RAM, which I'm leaning towards, then if a reboot occurs you would lose all of your bindings. Something to lab and test, but I would recommend using the minimal configuration and specifying a place to store the binding database so that in the event of a reload you don't lose your DHCP bindings.

Under your link or the link I'm posting there's a section that says "Minimum DHCP Snooping Configuration"; you must do these steps at a minimum. There are also a few examples of where or how to use the agent to store the binding database.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/snoodhcp.html#wp1090479

HTH

Jonathan

4 REPLIES
Hall of Fame Super Silver

Re: DHCP Snooping Database Agent

Hello Anthony,

My understanding is that this DHCP Snooping Database Agent provides a common reference for router/switch redundancy:

if the primary fails, the one that takes over needs to find an updated state of DHCP associations or it will deny access to legitimate users.

Because, to decide if a user is legitimate, the device should have seen the DHCP request, forwarded it to the DHCP server and registered the association of IP address and MAC address.

The router that has taken over the role later can get this info only from a third-party device: a file hosted somewhere.

So this can be useful if you have a classic campus design with a routed distribution and a L2 access layer and you want to be able to support redundancy and security features.

Hope to help

Giuseppe

New Member

Re: DHCP Snooping Database Agent

Hey Anthony,

When DHCP snooping is enabled, the switch uses the DHCP snooping binding database to store information about untrusted interfaces and the database can have up to 8192 bindings.

The ip dhcp snooping database command is an agent used to store the actual binding database either to your flash/NVRAM or to a remote server such as a TFTP/FTP/RCP server, which you would preferably use rather than use up the limited storage capacity of your flash/NVRAM.

To keep the bindings when the switch reloads, you must use the DHCP snooping database agent. Ultimately that decision is up to you, but recognize that when DHCP snooping is enabled the binding database will grow and where it's stored is up to you. The agent allows you to store the database to a suitable server.

HTH

Jonathan
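As an added example, not code from this thread or from the Cisco document linked above, here is the kind of minimal DHCP snooping configuration Jonathan refers to, with the database agent pointed at a TFTP server. The VLAN numbers, interface names, TFTP server address and file name are assumed values for illustration only.

```cisco
! Added example (not from the thread or the linked Cisco guide).
! VLANs, interface names, server address and file name are assumptions.
!
! 1. Enable DHCP snooping globally and on the access VLANs.
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
! 2. Trust only the uplink toward the real DHCP servers. All other ports
!    stay untrusted (the default), so DHCP server messages (OFFER/ACK)
!    arriving on an access port are dropped by the switch.
interface GigabitEthernet1/1
 description Uplink toward distribution / WIN2k3 DHCP servers
 ip dhcp snooping trust
!
interface range GigabitEthernet2/1 - 48
 description User access ports (untrusted by default)
 ip dhcp snooping limit rate 10
!
! 3. Database agent: persist the binding database off-box so that the
!    bindings survive a reload or supervisor switchover.
ip dhcp snooping database tftp://192.0.2.10/switch1-dhcp-bindings.txt
ip dhcp snooping database write-delay 30
!
! Alternative: keep it on local flash (uses the limited local storage).
! ip dhcp snooping database flash:/dhcp-bindings.txt
!
! Verification from exec mode:
! show ip dhcp snooping
! show ip dhcp snooping binding
! show ip dhcp snooping database
```

Steps 1 and 2 are what actually blocks a rogue DHCP server: server replies are only accepted on ports marked trusted. Step 3 only controls where the learned client bindings are written so they are still present after a reload; `show ip dhcp snooping database` reports whether the last write to the configured URL succeeded.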

New Member

Re: DHCP Snooping Database Agent

Thank you, I think I should have been more specific. All we want to accomplish is denying rogue DHCP servers. Is your comment still applicable? Where would the switch store this information?

