I read the whole chapter about DHCP Snooping and Dynamic ARP Inspection. by watching less then 10 minutes your videos I know I have not deeply understand the topics yet. Thank you very much for sharing this lecture.
Hi.. I'm from India.. Extremely resourceful stuff.... I have googled for these topics and found many, but they gave me vague idea.. but this is outstanding.. the way you elucidated is unparallel. Hats off. You have got good teaching skills.. why don't you make more videos on switching topics.. which really helps a lot for the poor people like me. Even though you are bounded in tight schedules..please find some time and make videos on "stormcontrol" and "network troubleshooting". This is my personal appeal. A big thanks for the stuff.
Hello Brian. Excellent video. I had some questions about how to use DAI when having statically configured clients and this video answered all of those questions. Good Job pal!
your videos are amazing man, instructionnal and very detailed , I hope you'll upload somme more!! What certif do you have ? What is your daily job ? You should really teach at INE or CBT , you are way better than some / most of the teachers there.
Thank You! I manage software developers at Rackspace currently. These were made when going for my CCIE, which I didn't get cause I ran out of money. But, I'm trying to get the time to add more. Thanks for watching!
Thanks for the video, very useful. But I have one point which is in my opinion wrong, or better said - not neccesary: The snooping "Trust" hasn't to be set in both directions of the trunk. In a non-redundant topology like in this case, the "Trust" is only needed on the interface that is pointing up towards DHCP server. So when you look at 12:42, the middle one "T" is not needed. If it was a redundant topology - due to STP - it could be necessary in some situations to set it on both sides.
just one thing: the procedure is called BUBU (it is an acronym), you can find out it, using wireshark; indeed the offer packet and the final ack packet are sent in unicast (lvl2)
Hello Brian, I dont think DHCPSnooping will block the DHCPDiscovery on untrusted port around minutes 18:00. Instead its actually blocking the DHCPOffer coming from the server. Pls correct me if I am wrong.
The main thing to be concerned about is the trust ports for both. The gateway or DHCP server must be trusted, everything else is covered in the video. I tried to be comprehensive on the subject and not very much is left out.
Question, what if there are multiple VLANs, some of them assigned on the switchports but others are not (a common production scenario). Is there anything to be considered before apply DHCP snooping and arp inspection?
Have you figured out a good way to make the DHCP binding table redundant when it's needed by two or more switches, as in the case of HSRP? The only way I can figure is to set up load balancing to multiple FTP servers and replicate the table between them since you can't specify multiple destinations for the table to be written.
If you add gloablly for example: ip arp inspection vlan 55 ip arp inspection validate src-mac ip dhcp snooping vlan 55 ip dhcp snooping You only activate arp inspection and dhcp snooping for vlan 55 and not any other vlans, correct? in any switchported interfaces that includes this vlan 55 you must add dhcp snooping trust sentence even if you allow more vlans and not just vlan 55 over that interface? Thanks in advance
I think that something`s wrong over there , when the pc is making the DHCP discover the address used as destination is broadcast FF:FF:FF:FF:FF:FF , but when the server respond with the DHCP offer then the address used is unicast, the L1 MAC address, not broadcast like you said. Only the dhc discover is broadcast, all over that are unicast betwen server and l1
I read the whole chapter about DHCP Snooping and Dynamic ARP Inspection. by watching less then 10 minutes your videos I know I have not deeply understand the topics yet. Thank you very much for sharing this lecture.
Great video... Explained everything thoroughly with example... One of my best learning experience... A MUST THUPS UP
Very well put together. Much better than some of the other "Expert" videos out there !!!
Hi.. I'm from India.. Extremely resourceful stuff.... I have googled for these topics and found many, but they gave me vague idea.. but this is outstanding.. the way you elucidated is unparallel. Hats off. You have got good teaching skills.. why don't you make more videos on switching topics.. which really helps a lot for the poor people like me.
Even though you are bounded in tight schedules..please find some time and make videos on "stormcontrol" and "network troubleshooting". This is my personal appeal. A big thanks for the stuff.
Finally found a video that explains DAI in depth and gives you clear understanding of everything you need to know. Thanks a lot
I love how deep you go into the topics. Very helpful for a complete understanding of the topic.
Simply WOW !!!
Respect all the way from India !!!
Keep up the good work !!!
Hello Brian. Excellent video. I had some questions about how to use DAI when having statically configured clients and this video answered all of those questions. Good Job pal!
Awesome presentation & explanation mate !! Looking forward to seeing more. Cheers
Very informative on both subjects, thanks Brian!
Thanks for the added information, and I appreciate the comments!
Brilliant Brian GREAT ! THANKS for such in-depth.
your videos are amazing man, instructionnal and very detailed , I hope you'll upload somme more!! What certif do you have ? What is your daily job ? You should really teach at INE or CBT , you are way better than some / most of the teachers there.
Thank You! I manage software developers at Rackspace currently. These were made when going for my CCIE, which I didn't get cause I ran out of money. But, I'm trying to get the time to add more. Thanks for watching!
Thanks for the video, very useful. But I have one point which is in my opinion wrong, or better said - not neccesary:
The snooping "Trust" hasn't to be set in both directions of the trunk. In a non-redundant topology like in this case, the "Trust" is only needed on the interface that is pointing up towards DHCP server. So when you look at 12:42, the middle one "T" is not needed.
If it was a redundant topology - due to STP - it could be necessary in some situations to set it on both sides.
Excellent explanation !
Just awesome,brilliant,mind blowing and sublime.Thanks a lottttttt.
AWESOME Video ....
just one thing: the procedure is called BUBU (it is an acronym), you can find out it, using wireshark; indeed the offer packet and the final ack packet are sent in unicast (lvl2)
terrific in-depth video
Awesome explanation sir, Thanks!!
Thanks for the comment, putting together a few more videos, frame, 802.1x, bgp, etc.
Briliant!! Thank you, sir!
Excellent explanation .. Wawooooooooooooooooooooooooooo
wow it just amazing and wonderful thank you very much
Hi Brian, when are you going to upload more video?Well done i really like the way you explain...
Hello Brian, I dont think DHCPSnooping will block the DHCPDiscovery on untrusted port around minutes 18:00. Instead its actually blocking the DHCPOffer coming from the server. Pls correct me if I am wrong.
The main thing to be concerned about is the trust ports for both. The gateway or DHCP server must be trusted, everything else is covered in the video. I tried to be comprehensive on the subject and not very much is left out.
Question, what if there are multiple VLANs, some of them assigned on the switchports but others are not (a common production scenario). Is there anything to be considered before apply DHCP snooping and arp inspection?
Brian, great instructional. I will be using this at work.
What is that software you are using for white-boarding?
Doodledesk, on Mac. Works very well!
No sorry, Deskscribble
Have you figured out a good way to make the DHCP binding table redundant when it's needed by two or more switches, as in the case of HSRP? The only way I can figure is to set up load balancing to multiple FTP servers and replicate the table between them since you can't specify multiple destinations for the table to be written.
If you add gloablly for example:
ip arp inspection vlan 55
ip arp inspection validate src-mac
ip dhcp snooping vlan 55
ip dhcp snooping
You only activate arp inspection and dhcp snooping for vlan 55 and not any other vlans, correct?
in any switchported interfaces that includes this vlan 55 you must add dhcp snooping trust sentence even if you allow more vlans and not just vlan 55 over that interface?
Thanks in advance
Thank You!
Please sir, more cisco teaching!
This is a great video. But I want to know IOS ver on, either 3750 or 3660, which it works on.
I think that something`s wrong over there , when the pc is making the DHCP discover the address used as destination is broadcast FF:FF:FF:FF:FF:FF , but when the server respond with the DHCP offer then the address used is unicast, the L1 MAC address, not broadcast like you said. Only the dhc discover is broadcast, all over that are unicast betwen server and l1
43