There are two DHCP servers connected to different core switches. Suppose PC1 gets its IP address from DHCP-SERVER-2, so only 4510-2 learns this and stores it in the DHCP snooping binding table.
So the question is: if I enable ARP inspection on both 4510 and 4510-2, I get a problem: the PC will lose connectivity because 4510-1 didn't learn the IP-MAC information.
I know that "ip arp inspection trust" under the interface will work. But my access switches don't support ip arp inspection, for example, the 2950. If I add "ip arp inspection trust" under the interface connected to the switch, it will leave a security hole. Or I can define an ARP ACL. But there are so many PCs on my network.
So I am in doubt why Cisco can't synchronize the DHCP snooping binding table between switches. If Cisco could synchronize the DHCP snooping binding table, it would be an easy solution for me.
You are indeed correct; the only other solution would be to manually update the DHCP binding file on 4510-1 or create an ARP access-list. Either way would be a pain. You can also consider port-security on the switchports of the 3500XL.
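The ARP access-list route mentioned in the reply can be generated rather than typed by hand, using the binding table of the switch that did learn the leases. This is an added example, not part of the original thread: the `show ip dhcp snooping binding` sample is constructed, and the ACL name prefix `DAI-VLAN` and the function names are assumptions.

```python
import re

# Constructed sample of `show ip dhcp snooping binding` output taken on 4510-2.
SAMPLE = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:55   10.1.10.21       86250       dhcp-snooping   10    GigabitEthernet2/1
00:AA:BB:CC:DD:EE   10.1.10.22       85990       dhcp-snooping   10    GigabitEthernet2/1
00:11:22:00:00:01   10.1.20.5        80100       dhcp-snooping   20    GigabitEthernet2/2
Total number of bindings: 3
"""

# MAC, IP, lease, type, VLAN, interface; header, ruler and summary lines do not match.
ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+\S+\s+(?P<vlan>\d+)\s+\S+$"
)


def ip_key(ip):
    return tuple(int(octet) for octet in ip.split("."))


def parse_bindings(text):
    """Return sorted, de-duplicated (vlan, ip, mac) tuples with the MAC in dotted form."""
    found = set()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or any(octet > 255 for octet in ip_key(m["ip"])):
            continue  # not a binding row, or a malformed address
        h = m["mac"].replace(":", "").lower()
        found.add((int(m["vlan"]), m["ip"], f"{h[0:4]}.{h[4:8]}.{h[8:12]}"))
    return sorted(found, key=lambda b: (b[0], ip_key(b[1])))


def arp_acl_config(bindings, prefix="DAI-VLAN"):
    """Emit one ARP ACL per VLAN, then the DAI filter lines that apply them."""
    vlans = sorted({vlan for vlan, _, _ in bindings})
    lines = []
    for vlan in vlans:
        lines.append(f"arp access-list {prefix}{vlan}")
        lines += [f" permit ip host {ip} mac host {mac}"
                  for v, ip, mac in bindings if v == vlan]
    lines += [f"ip arp inspection filter {prefix}{v} vlan {v}" for v in vlans]
    return "\n".join(lines)


if __name__ == "__main__":
    print(arp_acl_config(parse_bindings(SAMPLE)))
```

The generated entries are static, so they have to be regenerated whenever leases change.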