New Member

Recommended DHCP Lease Durations (Win2k3) for DHCP Snooping

We are deploying DHCP snooping and dynamic ARP inspection, but need to know what the recommended DHCP lease duration should be to properly function with DHCP snooping. Understandably they are separate functions and will work at any setting, but what is the recommended time setting and why? For example, what would be the advantages/disadvantages of having the scope durations expire in 8 days vs., say, 2 days?

I know there most likely is no formal policy, but I need recommendations and the reasons to justify a standard/best practice.

Thanks,

-Scott

2 REPLIES
New Member

Re: Recommended DHCP Lease Durations (Win2k3) for DHCP Snooping

I think that a value between 4 and 6 days is a good practice, because every time the client changes its IP address, IP snooping and ARP inspection need to update their tables, using CPU. So I think that it is important not to use a low value as lease time.

New Member

Re: Recommended DHCP Lease Durations (Win2k3) for DHCP Snooping

Thank you for your time suggestions. Could I please ask the reasons why? I understand that the DHCP and ARP tables update when DHCP renewals and legitimate ARPs occur. What I am asking for are valid reasons/benefits that are gained from changing our current DHCP settings. Are there security benefits to having DHCP values set lower? For example, would lower DHCP values improve chances to catch illegal DHCP servers or clients, or man-in-the-middle attacks?

Management (and I) require an understanding of the process and the reasons before we can make a change to our DHCP expiration settings.

Thanks,

-Scott
