Allied Telesis AT-8700XL Series manual Dhcpsnarp 02680e6c ARP to be forwarded, sender validated


Troubleshooting

You cannot work around dropped ARPs from the DHCP server by statically binding the DHCP server’s IP and MAC address to a port, instead of setting it as trusted. The switch will not send the DHCP server the DHCP request. The switch will not flood the DHCP request to any ports other than trusted ones. So although the switch will let the DHCP server send ARP requests, the DHCP server will not receive any DHCP requests.

Manager > add dhcpsnooping binding=00-50-FC-EE-F5-13 ip=172.16.1.1 int=vlan1 port=24

DHCPSN_DB: Creating new entry with entryId 3.

DHCPSN_DB: Notifying DB listener: CLASSIFR

DHCPSN_ACL: dhcpSnoopAclListener >> dbEntryPt=0x010caed4 flags=0x00000080

DHCPSN_ACL: dhcpSnoopAclBindingFindByEntryIndex >> finding binding entryId=3

DHCPSN_ACL: dhcpSnoopAclBindingFindGroup >> found 0 items

DHCPSN_ACL: dhcpSnoopAclBindingFindByEntryIndex >> finding binding entryId=3 it0

DHCPSN_ACL: dhcpSnoopAclBindingFindAllByPortNumber >> finding binding portNum=24

DHCPSN_ACL: dhcpSnoopAclBindingFindGroup >> found 0 items

DHCPSN_ACL: dhcpSnoopAclBindingFindAllByPortNumber >> finding binding portNum=20

DHCPSN_ACL: dhcpSnoopAclBindingCreate >> templateId=10001 flowId=0 port=24 num=3

DHCPSN_ACL: dhcpSnoopAclBindingCreate >> created child-3 bindings of templateId1

DHCPSN_ACL: dhcpSnoopAclBindingBinds >> bclassId=20003 portNum=24 entryId=3

DHCPSN_ACL: dhcpSnoopAclBindingBinds >> success, classifierId=20003 flowGroupId3

DHCPSN_ACL: dhcpSnoopAclListener >> NEW, returns=1

DHCPSN_DB: Change state for 00-50-fc-ee-f5-13, in NONE for event LISTENER_OK

DHCPSN_DB: Changed state for 00-50-fc-ee-f5-13, to FULL

Info (1137003): Operation successful.

Manager >

DHCPSN_ARP: [02680e6c] ARP Received on untrusted port 24 VLAN 1

DHCPSN_ARP: [02680e6c] ARP to be forwarded, sender validated

DHCPSN_ARP: [02680e6c] Forwarding ARP at L2 for VLAN 1

DHCPSN_ARP: [02680e6c] Forward ports (except 24)

DHCPSN_ARP: [02680e6c] Tagged:None

DHCPSN_ARP: [02680e6c] Untagged:1

Manager >

 

 

DHCPSN_Process: [026ef9ac] DHCP Snooping pkt for VLAN 1 from port 1

DHCPSN_Process: [026ef9ac] Type: REQUEST

DHCPSN_Process: [026ef9ac] On DHCP Snooping non-trusted port

DHCPSN_Process: [026ef9ac] DHCP Snoop forwarding pkt at L2 for VLAN 1 InPort 1

DHCPSN_Process: [026ef9ac] L2 Dest MAC is broadcast

DHCPSN_Process: [026ef9ac] Type: REQUEST, L2 forward to trusted ports

DHCPSN_Process: [026ef9ac] Forward ports (except 1)

DHCPSN_Process: [026ef9ac] Tagged:None

DHCPSN_Process: [026ef9ac] Untagged:None
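The following Python example is added here and is not part of the How To Note. It groups the debug lines by packet ID and flags DHCP REQUESTs received on a non-trusted port whose forward-port list is empty, which is the symptom this section describes. The function names are hypothetical; the sample is the trace from this page with wrapped lines rejoined.

```python
import re

# Debug trace taken from this page, with wrapped lines rejoined.
SAMPLE = """\
DHCPSN_ARP: [02680e6c] ARP Received on untrusted port 24 VLAN 1
DHCPSN_ARP: [02680e6c] ARP to be forwarded, sender validated
DHCPSN_ARP: [02680e6c] Forwarding ARP at L2 for VLAN 1
DHCPSN_ARP: [02680e6c] Forward ports (except 24)
DHCPSN_ARP: [02680e6c] Tagged:None
DHCPSN_ARP: [02680e6c] Untagged:1
DHCPSN_Process: [026ef9ac] DHCP Snooping pkt for VLAN 1 from port 1
DHCPSN_Process: [026ef9ac] Type: REQUEST
DHCPSN_Process: [026ef9ac] On DHCP Snooping non-trusted port
DHCPSN_Process: [026ef9ac] DHCP Snoop forwarding pkt at L2 for VLAN 1 InPort 1
DHCPSN_Process: [026ef9ac] L2 Dest MAC is broadcast
DHCPSN_Process: [026ef9ac] Type: REQUEST, L2 forward to trusted ports
DHCPSN_Process: [026ef9ac] Forward ports (except 1)
DHCPSN_Process: [026ef9ac] Tagged:None
DHCPSN_Process: [026ef9ac] Untagged:None
"""

LINE = re.compile(r"^(DHCPSN_\w+): \[([0-9a-f]{8})\] (.*)$")
PORTS = re.compile(r"(Tagged|Untagged):\s*(\S+)")

def group_by_packet(text):
    """Collect messages per (module, packet id), in order of appearance."""
    packets = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            packets.setdefault((m.group(1), m.group(2)), []).append(m.group(3))
    return packets

def forward_ports(msgs):
    """Map 'Tagged'/'Untagged' to the port list printed for one packet."""
    return dict(m.groups() for m in map(PORTS.match, msgs) if m)

def undelivered_requests(text):
    """IDs of DHCP REQUESTs from non-trusted ports that were forwarded nowhere."""
    hits = []
    for (module, pid), msgs in group_by_packet(text).items():
        ports = forward_ports(msgs)
        is_request = any(m.startswith("Type: REQUEST") for m in msgs)
        untrusted = any("non-trusted" in m for m in msgs)
        nowhere = bool(ports) and all(v == "None" for v in ports.values())
        if module == "DHCPSN_Process" and is_request and untrusted and nowhere:
            hits.append(pid)
    return hits
```

Calling `undelivered_requests(SAMPLE)` reports the DHCP request `026ef9ac`, while the ARP from the statically bound port 24 is not flagged because it was forwarded to untagged port 1.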

 

Page 23 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B