Allied Telesis Rapier i Series, AT-8600 Series manual: Add the tagged uplink ports to the VLAN


Configuration examples

Add the tagged uplink ports to the VLAN:

add vlan="48" port=24 frame=tagged uplink

Add the untagged ports for the customers:

add vlan="48" port=1-23

This is a layer 2 solution. The IP protocol does not need to be configured.

Enable DHCP snooping and Option 82 support:

enable dhcpsnooping

enable dhcpsnooping option82

It is also possible to enable DHCP snooping ARP security (enable dhcpsnooping arpsecurity). If enabled, this ensures that ARP packets received on non-trusted ports are only permitted if they originate from an IP address that has been allocated by DHCP and snooped.

Define the DHCP snooping trusted ports:

set dhcpsnooping port=24 trusted=yes

These ports can receive Option 82 information, and the switch will permit them to send Option 82.

Define the maximum number of DHCP leases permitted on each port:

set dhcpsnooping port=1-23 maxlease=1

Define the string that will be used in the subscriber-ID suboption portion of the Option 82 inserted into DHCP packets:

set dhcpsnooping port=1 subscriberid="Ground Floor Room 1"
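To check on the DHCP server side what the switch inserted, the Option 82 field can be decoded. The following Python parser is an added example, not part of the Allied Telesis note; the suboption codes come from RFC 3046 and RFC 3993, the sample bytes are constructed, and the circuit-ID value is a placeholder rather than the switch's actual encoding.

```python
# Added example: decode DHCP Option 82 (Relay Agent Information).
# Suboption codes 1 and 2 are from RFC 3046, code 6 from RFC 3993.
SUBOPTIONS = {1: "circuit-id", 2: "remote-id", 6: "subscriber-id"}
PAD, END, RELAY_AGENT_INFO = 0, 255, 82


def iter_tlv(data, single_byte_codes=()):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(data):
        code = data[i]
        if code in single_byte_codes:       # PAD and END have no length byte
            if code == END:
                return
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError(f"code {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"code {code}: value truncated")
        yield code, value
        i += 2 + length


def parse_option82(options):
    """Return {suboption name: bytes} for Option 82, or None if absent."""
    for code, value in iter_tlv(options, single_byte_codes=(PAD, END)):
        if code == RELAY_AGENT_INFO:
            # Suboptions share the TLV layout but define no PAD/END codes.
            return {SUBOPTIONS.get(c, f"suboption-{c}"): v
                    for c, v in iter_tlv(value)}
    return None


def build_sample():
    """Constructed options field, as a DHCP server might receive it."""
    sub_id = b"Ground Floor Room 1"            # subscriber-ID string from the page
    circuit = bytes([0x00, 0x30, 0x00, 0x01])  # placeholder, not the switch's encoding
    agent = bytes([1, len(circuit)]) + circuit + bytes([6, len(sub_id)]) + sub_id
    return (bytes([53, 1, 1])                  # DHCP message type = DISCOVER
            + bytes([RELAY_AGENT_INFO, len(agent)]) + agent + bytes([END]))


if __name__ == "__main__":
    for name, value in parse_option82(build_sample()).items():
        print(f"{name}: {value!r}")
```

A truncated or malformed option raises ValueError instead of returning partial data, so a server-side check fails closed on damaged packets.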

AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches, C613-16086-00 REV B