Allied Telesis Rapier i Series, AT-8600 Series manual: For layer 3 support, enable the BOOTP Relay


Configuration examples

Configure the switch’s IP:

enable ip

add ip int=vlan48 ip=10.11.67.254 mask=255.255.255.0

add ip int=vlan50 ip=10.50.1.254 mask=255.255.255.0

add ip rou=0.0.0.0 mask=0.0.0.0 int=vlan50 next=10.50.1.1

For layer 3 support, enable the BOOTP Relay:

enable bootp relay

add bootp relay=10.50.1.100

Here the DHCP server is set to 10.50.1.100.

Enable DHCP snooping and Option 82 support:

enable dhcpsnooping

enable dhcpsnooping option82

Note: It is also possible to enable DHCP snooping ARP security. If enabled, this ensures that ARP packets received on un-trusted ports are permitted only if they originate from an IP address that has been allocated and snooped by DHCP (enable dhcpsnooping arpsecurity).

Define the DHCP snooping trusted port:

set dhcpsnooping port=25 trusted=yes

This port is open for generating and receiving Option 82 information. By default, the other ports are non-trusted.

Define the maximum number of DHCP leases permitted on each port:

set dhcpsnooping port=1-24 maxlease=1

Define the string that will be used in the subscriber-ID suboption portion of the Option 82 inserted into DHCP packets:

set dhcpsnooping port=1 subscriberid="Ground Floor Room 1"
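
To confirm on the DHCP server side that the subscriber-ID configured above arrives inside Option 82, the options field of a captured request can be decoded as below. This is an added example, not code from the How To Note: the function names and the sample packet are constructed, and the circuit-id and remote-id bytes are placeholders rather than the switch's real encoding.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
# Suboption codes: 1 and 2 from RFC 3046, 6 (subscriber-ID) from RFC 3993.
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id", 6: "subscriber-id"}


def walk_tlv(data, top_level=False):
    """Yield (code, value) pairs; top_level also handles PAD and END."""
    i = 0
    while i < len(data):
        code = data[i]
        if top_level and code == END:
            return
        if top_level and code == PAD:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated header at offset %d" % i)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the buffer" % code)
        yield code, value
        i += 2 + length


def parse_option82(options):
    """Return {suboption name: bytes} for option 82, or None if absent."""
    for code, value in walk_tlv(options, top_level=True):
        if code == RELAY_AGENT_INFO:
            return {SUBOPTION_NAMES.get(sub, "suboption-%d" % sub): val
                    for sub, val in walk_tlv(value)}
    return None


def tlv(code, value):
    """Build one code/length/value element (used for the sample only)."""
    return bytes([code, len(value)]) + value


# Constructed sample: options field (after the magic cookie) of a DHCP Request
# once option 82 has been inserted. Placeholder circuit-id/remote-id bytes.
SAMPLE_OPTIONS = (
    tlv(53, b"\x03")  # DHCP Message Type = DHCP Request
    + tlv(82, tlv(1, b"\x00\x01") + tlv(2, bytes.fromhex("020000000001"))
          + tlv(6, b"Ground Floor Room 1"))
    + b"\xff"
)

if __name__ == "__main__":
    for name, val in parse_option82(SAMPLE_OPTIONS).items():
        print("%-14s %r" % (name, val))
```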

AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B