I googled for this and am not getting a definitive answer. What is the interaction between DHCP snooping [and, more importantly, DAI & IP Source Guard, which are dependent upon the DHCP snooping MAC/IP database] and DHCP server services running on the Catalyst?
Can this work? Can I have my Catalyst 3750 stack acting as my DHCP server and still utilize DAI, IP Source Guard, etc.?
The DHCP binding DB is different from the DHCP snooping binding DB, which is formed once the DHCPOFFER is ACKed by the DHCP client.
They may co-exist, here is a process:
1 - Client sends DHCPDISCOVER
2 - DHCP SNOOPING intercepts it and checks it against its DHCP SNOOPING DB
3 - If NO match is found, it is going to flood this frame within the VLAN it was heard on
4 - SVI will receive the broadcast and make the OFFER
5 - DHCP client receives the offer and ACKs it
6 - DHCP SNOOPING DB is updated with the new binding
Try enabling DHCP snooping along with the DHCP server, prior to ARP inspection;
IP Source Guard would have to be applied once the DHCP binding table is completely populated;
Forgive the redundancy, but I want to make sure I really understand this. Can you use the MAC-IP binding database created by having the switch act as a DHCP server, without using DHCP snooping, to utilize DAI? Or does the switch have to "snoop" its own DHCP responses off of whichever VLAN interface is servicing those DHCP messages?
The switch needs to have the binding table via the DHCP snooping feature, but remember that you can use those extra features without the need of the DHCP snooping binding table, so you could do it statically, even though this implies a lot of administration configuration on the switches. The position of the DHCP server in a DHCP snooping configuration does matter. You can have the Catalyst switch acting as the DHCP server inside the same subnet or doing it through a relay. It's your personal option.
DHCP snooping, DAI, and IP Source Guard require the DHCP binding database in order to work.
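
The staged rollout suggested in this thread, written out as a Catalyst IOS configuration sketch. This is an added example, not part of any post above: VLAN 10, the 192.0.2.0/24 pool, the interface numbers, the MAC address and the STATIC-HOSTS name are constructed placeholders, and it assumes the switch is the only DHCP server for the VLAN.

```cisco
! Local DHCP server on the switch, answering from the VLAN 10 SVI
ip dhcp excluded-address 192.0.2.1 192.0.2.20
ip dhcp pool VLAN10-POOL
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
! Step 1: DHCP snooping first, so the snooping binding table starts filling
ip dhcp snooping
ip dhcp snooping vlan 10
! Assumption: option 82 insertion is turned off because requests are
! answered locally rather than relayed.
no ip dhcp snooping information option
!
! No port carries "ip dhcp snooping trust": in this assumed topology no
! external DHCP server or relay is attached to the switch.
!
! Static entries for a host that does not use DHCP (constructed values):
! a source binding for IP Source Guard and an ARP ACL for DAI
ip source binding 0000.5E00.5301 vlan 10 192.0.2.10 interface GigabitEthernet1/0/5
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.10 mac host 0000.5E00.5301
!
! Check that every live client is listed before going further (exec mode):
!   show ip dhcp snooping binding
!   show ip source binding
!
! Step 2: DAI, once the clients in VLAN 10 appear in the binding table
ip arp inspection filter STATIC-HOSTS vlan 10
ip arp inspection vlan 10
!
! Step 3: IP Source Guard on the access ports, last
interface range GigabitEthernet1/0/1 - 24
 ip verify source
!
! Watch for drops of legitimate hosts (exec mode):
!   show ip arp inspection statistics vlan 10
!   show ip verify source
```

Clients that obtained a lease before snooping was enabled have no snooping entry until they renew, which is why steps 2 and 3 wait for the binding checks.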