Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series manual Switch is dropping ARPs


Troubleshooting

Increasing the port’s maximum leases will permit multiple clients per port.

Manager > set dhcpsnooping port=3 maxleases=2

Info (1137260): DHCP Snooping port(s) 3 updated successfully.

Switch is dropping ARPs

If you have DHCP snooping in ARP security mode, then unknown clients on untrusted ports will not be able to ARP.

DHCPSN_ARP: [0193a9ec] ARP Received on untrusted port 24 VLAN 1

DHCPSN_ARP: [0193a9ec] ARP Discarded, sender not found in DHCP Snoop DB

Known clients on untrusted ports will be able to ARP.

DHCPSN_ARP: [01a6f5ec] ARP Received on untrusted port 1 VLAN 1

DHCPSN_ARP: [01a6f5ec] ARP to be forwarded, sender validated

DHCPSN_ARP: [01a6f5ec] Forwarding ARP at L2 for VLAN 1

DHCPSN_ARP: [01a6f5ec] Forward ports (except 1)

DHCPSN_ARP: [01a6f5ec] Tagged:None

DHCPSN_ARP: [01a6f5ec] Untagged:24

A client is known on an untrusted port if it has an IP/MAC entry in the DHCP snooping database (show dhcpsnooping database). Your DHCP server must be on a trusted port.

Manager > set dhcpsnooping port=24 trusted=yes

Info (1137260): DHCP Snooping port(s) 24 updated successfully.

Manager >

DHCPSN_ARP: [023a218c] ARP Received on trusted port 24 VLAN 1

DHCPSN_ARP: [023a218c] Forwarding ARP at L2 for VLAN 1

DHCPSN_ARP: [023a218c] Forward ports (except 24)

DHCPSN_ARP: [023a218c] Tagged:None

DHCPSN_ARP: [023a218c] Untagged:1
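
To find which ports are having ARPs discarded from a longer debug capture, the DHCPSN_ARP lines above can be grouped and counted. The following is an added example, not part of the How To Note or of AlliedWare; it assumes the bracketed hex value identifies one packet across its lines, and the sample input is constructed from the line formats shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample: debug lines in the format shown on this page.
SAMPLE = """\
DHCPSN_ARP: [0193a9ec] ARP Received on untrusted port 24 VLAN 1
DHCPSN_ARP: [0193a9ec] ARP Discarded, sender not found in DHCP Snoop DB
DHCPSN_ARP: [01a6f5ec] ARP Received on untrusted port 1 VLAN 1
DHCPSN_ARP: [01a6f5ec] ARP to be forwarded, sender validated
DHCPSN_ARP: [01a6f5ec] Forwarding ARP at L2 for VLAN 1
DHCPSN_ARP: [023a218c] ARP Received on trusted port 24 VLAN 1
DHCPSN_ARP: [023a218c] Forwarding ARP at L2 for VLAN 1
"""

LINE = re.compile(r"DHCPSN_ARP:\s*\[([0-9a-f]+)\]\s*(.*)")
RECEIVED = re.compile(r"ARP Received on (trusted|untrusted) port (\d+) VLAN (\d+)")

def parse_arp_debug(text):
    """Group debug lines by the bracketed ID (assumed per-packet) and classify each ARP."""
    events = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a DHCPSN_ARP line
        pkt_id, msg = m.groups()
        ev = events.setdefault(pkt_id, {"port": None, "vlan": None,
                                        "trust": None, "outcome": "unknown"})
        r = RECEIVED.match(msg)
        if r:
            ev["trust"], ev["port"], ev["vlan"] = r.group(1), int(r.group(2)), int(r.group(3))
        elif msg.startswith("ARP Discarded"):
            ev["outcome"] = "discarded"
        elif msg.startswith("Forwarding ARP"):
            ev["outcome"] = "forwarded"
    return events

def discards_by_port(events):
    """Count discarded ARPs per (port, VLAN)."""
    counts = defaultdict(int)
    for ev in events.values():
        if ev["outcome"] == "discarded":
            counts[(ev["port"], ev["vlan"])] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, n in discards_by_port(parse_arp_debug(SAMPLE)).items():
        print("port %d VLAN %d: %d ARP(s) discarded" % (key + (n,)))
```

A port reported here has a sender with no IP/MAC entry in the DHCP snooping database; check it against show dhcpsnooping database and confirm whether the port should be trusted.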

Page 22 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B