Allied Telesis AT-8700XL Series manual: Configure two VLANs for layer 3 access to the DHCP server


Configuration examples

Configuring the switch for DHCP snooping, filtering, and Option 82, when it is acting as a layer 3 BOOTP Relay Agent

In a layer 3 routing environment, the switch takes on the role of BOOTP Relay Agent, with support for DHCP Option 82. The relay agent inserts the information mentioned above when forwarding client-originated DHCP packets to a DHCP server. DHCP servers that are configured to recognise the relay agent information option may use the information to keep a log of the switches and port numbers to which IP addresses have been allocated, and may also use this information for various address assignment policies.

The DHCP server echoes the option back to the relay agent in server-to-client replies, and the relay agent strips the option before forwarding the reply to the client (RFC 3046). This process is shown in the following figure.

Figure: DHCP relay with Option 82.

(1) DHCP client sends request.
(2) Relay agent appends Option 82 to client-sourced packets.
(3) Option 82 enabled DHCP server allocates address and stores the Option 82 information. Server sends offer, with Option 82 echoed to the relay agent.
(4) Relay agent strips Option 82, and forwards to client.
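The following is an added example, not code from the Allied Telesis note or the switch firmware: a Python sketch of steps 2 and 4 on the DHCP options field, including the RFC 3046 rule that a packet arriving on an untrusted port with Option 82 already present is discarded. The circuit ID and remote ID encodings, the sample MAC address and all function names are constructed assumptions; the packet is assumed to come straight from a client port (giaddr of zero).

```python
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes

def parse_tlv(buf, is_subopt=False):
    """Walk code/length/value triples; pad (0) and end (255) only exist at top level."""
    out, i = [], 0
    while i < len(buf):
        code = buf[i]
        if not is_subopt and code == OPT_END:
            break
        if not is_subopt and code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option at offset %d" % i)
        out.append((code, bytes(buf[i + 2:i + 2 + buf[i + 1]])))
        i += 2 + buf[i + 1]
    return out

def build_tlv(items, end=True):
    body = b"".join(bytes([c, len(v)]) + v for c, v in items)
    return body + (bytes([OPT_END]) if end else b"")

def relay_insert(client_opts, circuit_id, remote_id, trusted_port=False):
    """Step 2: append Option 82 to client options (assumes giaddr == 0)."""
    opts = parse_tlv(client_opts)
    if any(c == OPT_RELAY_INFO for c, _ in opts):
        if trusted_port:
            return client_opts  # tagged by a trusted downstream device: no second option
        raise ValueError("Option 82 from untrusted port: discard (RFC 3046 2.1)")
    info = build_tlv([(SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)], end=False)
    return build_tlv(opts + [(OPT_RELAY_INFO, info)])

def relay_strip(server_opts):
    """Step 4: remove the echoed Option 82 before forwarding the reply to the client."""
    opts = parse_tlv(server_opts)
    info = dict(s for c, v in opts if c == OPT_RELAY_INFO for s in parse_tlv(v, True))
    return build_tlv([(c, v) for c, v in opts if c != OPT_RELAY_INFO]), info

# Constructed sample values (not from the manual): DHCPREQUEST, VLAN 48 / port 3, switch MAC.
REQUEST = build_tlv([(53, b"\x03")])
CIRCUIT = (48).to_bytes(2, "big") + (3).to_bytes(2, "big")
REMOTE = bytes.fromhex("0000cd123456")

if __name__ == "__main__":
    tagged = relay_insert(REQUEST, CIRCUIT, REMOTE)
    reply = build_tlv([(53, b"\x05"), parse_tlv(tagged)[-1]])  # server echoes Option 82
    to_client, info = relay_strip(reply)
    print(tagged.hex(), to_client.hex(), info)
```
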

Configure two VLANs for layer 3 access to the DHCP server:

create vlan="Customers" vid=48

create vlan="Network" vid=50

Here the DHCP Server is on VLAN 50, while the DHCP clients are on VLAN 48.

Add ports to the VLANs:

add vlan="48" port=1-24

add vlan="50" port=25

AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches (C613-16086-00 REV B)