Re: DHCP snooping von vDS

Soph1 · ‎04-01-2016

Hello,

is a DHCP snooping feature available on the vDS like on Cisco 1000V or physical Cisco hardware?

I can't find any option for that in the configuration. Neither any documentation or KB articles.

Regards

Sebastian

Soph1 · ‎05-18-2016

Does it make sense to activate DHCP snooping on the underlying physical switch?!

martinriley · ‎05-23-2016

Hi there,

DHCP snooping isn't a feature of the dvSwitch, you'd need a 1000v or other capable third-party vSwitch- although you can do DHCP snooping with NSX 6.2.

Regarding enabling DHCP snooping on the physical switch it may be of use with some caveats depending on your environment. Is/are your DHCP server/s physical or virtual?

vM

-----------------------

VCAP-DCD / VCAP-DCA / VCP-CLOUD / VCP-DT / VCP5 / VCP4

-----------------------

vMustard.com

Soph1 · ‎05-23-2016

The productive/approved DHCP servers are physical.

The rogue ones are mostly virtual.

martinriley · ‎05-23-2016

The yes it makes sense to enable DHCP snooping on your physical switches, basically you'll be setting up the physical switchports that your DHCP servers are connected to as 'trusted' for DHCP source traffic, all other DHCP source traffic from other ports, including the ports your ESXi Physical NICs are connected to, will be dropped.

You only really need to be careful if your production DHCP servers are virtual, in which case you'd need to tie your DHCP VM to one host and dedicate a NIC but for your setup I think it makes good sense.

vM

-----------------------

VCAP-DCD / VCAP-DCA / VCP-CLOUD / VCP-DT / VCP5 / VCP4

-----------------------

vMustard.com

All

DHCP snooping von vDS