Allied Telesis AT-8700XL Series, Rapier i Series This document contains the following contents

Page 2

Introduction

This document contains the following contents:
Introduction	1
Which products and software version does this information apply to?	2
Related How To Notes	3
DHCP snooping	3
Minimum configuration	3
The database	4
Trusted and non-trusted ports	6
Enabling DHCP snooping	6
Static binding	6
Completely removing the DHCP snooping database	7
DHCP Option 82	8
Protocol details	9
Configuring Option 82	10
DHCP filtering	11
Configuring filtering	11
ARP security	12
Resource considerations	12
Configuration examples	14
Configuring the switch for DHCP snooping, filtering and Option 82, when it is
acting as a layer 2 switch	14
Configuring the switch for DHCP snooping, filtering, and Option 82, when it is
acting as a layer 3 BOOTP Relay Agent	17
Troubleshooting	20
No trusted ports configured	20
The DHCP client continually sends requests instead of a discover	21
Switch is dropping ARPs	22
Displaying log entries	24
Appendix 1: ISC DHCP server	25

Which products and software version does this information apply to?

The information provided in this document applies to the following switches, running AlliedWare version 2.7.6 and above:

zAT-8800 series

zAT-8600 series

zAT-8700XL series

zRapier and Rapier i series

Page 2 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

Image 2

Contents AlliedWareTM OS IntroductionThis document contains the following contents Dhcp snooping Related How To NotesMinimum configuration Dhcp snooping database time-out Database survival across rebootsDatabase Verifying the status of snooped usersList of terms ARP SecurityStatic binding Trusted and non-trusted portsEnabling Dhcp snooping Completely removing the Dhcp snooping database So the database is emptyDhcp Option Dhcp Message Type = Dhcp Request Protocol detailsExample Packet Configuring Option AnalysisConfiguring filtering Dhcp filteringARP security To enable Dhcp snooping ARP securityDhcp snooping filter show command Resource considerationsExample on a Rapier If ARP security is enabled, addOr if ARP security is enabled, is Configuration examples Configure a private Vlan for customersAdd the untagged ports for the customers Enable Dhcp snooping and Option 82 supportAdd the tagged uplink ports to the Vlan Define the Dhcp snooping trusted portsCreate a traffic class for all upstream flow groups Create a set of QoS classifiersDefine the upstream QoS flow groups Configure two VLANs for layer 3 access to the Dhcp server Add ports to the VLANsFor layer 3 support, enable the Bootp Relay Define the Dhcp snooping trusted portCreate a set of QoS classifiers DHCPSNProcess 0b4333cc Dhcp Snooping pkt for Vlan From port TroubleshootingNo trusted ports configured DHCPSNProcess 0b4333cc TaggedNone UntaggedNoneDhcp client continually sends requests instead of a discover Maximum number of leases is exceededDhcpsnarp 01a6f5ec ARP to be forwarded, sender validated Switch is dropping ARPsManager set dhcpsnooping port=3 maxleases=2 Dhcpsnarp 02680e6c ARP to be forwarded, sender validated Trusted portsShow log command is also very useful Displaying log entriesAppendix 1 ISC Dhcp server C613-16086-00 REV B