Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Dhcp snooping And ARP-Protection

SOLVED
Go to solution
Mondher
Occasional Contributor

Dhcp snooping And ARP-Protection

Just a questions :)
Where should i Configure ARP-Protect ? access switchs ,core switchs or both
ihave an issue with that .
AND,in configuring Trusted ports and vlans in dhcp snooping an arp-protect, should i protect all Vlans configured on switchs ?


there is my architecture

Regards 

4 REPLIES
TerjeAFK
Respected Contributor
Solution

Re: Dhcp snooping And ARP-Protection

We use DHCP snooping only on edge switches where users are able to connect equipment. We secure all vlans except the switch management vlan.

Mondher
Occasional Contributor

Re: Dhcp snooping And ARP-Protection

thank you for replying ,
is it the same thing for "arp-protect" service ,configure it only on edeg switches ? 
what about opton 82  in my case if you have seen my architecture,should i enable it ?     :)  :) 

 

 

best regards 

TerjeAFK
Respected Contributor

Re: Dhcp snooping And ARP-Protection

We do not use arp protection, so I cannot comment about that. We have basically the same architecture as you, and we have disabled option 82

no dhcp-snooping option 82

YuriPaiva
Advisor

Re: Dhcp snooping And ARP-Protection

The Arp-protect feature we can use in the vlan context to protect the network gateway for this vlan, normally the  interface vlan located in the core switches or fixed ports switches working as core switches.

You can limit the number of arp entries according to the size of vlan´s network /24 /23 /22 with the command

arp max-learning-num XXXX

to preserve memory and processing.

It is necessary configure arp-protection trust feature in the uplink to the switch where is the interface vlan or gateway for the vlan.