Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series manual: Appendix 1: ISC DHCP server

Appendix 1: ISC DHCP server

One DHCP server that has been tested against DHCP snooping is ISC DHCP. This is free software with an option of a support contract. At the time of writing this document, ISC DHCP did not support the logging of RFC 3993 sub-option 6. For convenience, here is a sample configuration (dhcpd.conf) for ISC DHCP.

This configuration lets you specify the IP address that is given to each MAC address. You can just as easily write a range statement to assign addresses to any client.

    ddns-update-style ad-hoc;

    # Global options
    option domain-name "test.yourdomain.com";
    option domain-name-servers 172.16.1.253;
    option broadcast-address 172.16.1.255;
    option subnet-mask 255.255.255.0;
    use-host-decl-names on;

    subnet 172.16.1.0 netmask 255.255.255.0 {
        #filename "/vmlinuz";
        default-lease-time 86400;
        option subnet-mask 255.255.255.0;
        option domain-name "test.yourdomain.com";
        option domain-name-servers 172.16.1.1;
        option routers 172.16.1.1;
        option broadcast-address 172.16.1.255;

        # Static MAC-to-IP assignments, one host block per client
        host linux {
            hardware ethernet 00:06:5b:31:14:af;
            fixed-address 172.16.1.100;
            filename "/vmlinuz";
        }

        host test01 {
            hardware ethernet 00:00:00:00:00:01;
            fixed-address 172.16.1.201;
        }

        host test02 {
            hardware ethernet 00:00:00:00:00:02;
            fixed-address 172.16.1.202;
        }

        host test03 {
            hardware ethernet 00:00:00:00:00:03;
            fixed-address 172.16.1.203;
        }

        host RapierMAX {
            hardware ethernet 00:00:cd:11:b2:4c;
            fixed-address 172.16.1.123;
        }
    }
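When every client gets a fixed address and the switch builds its snooping bindings from the server's replies, a duplicated MAC or IP in dhcpd.conf, or a fixed address that falls inside a range you add later, is worth catching before the server is restarted. The checker below is an added example, not part of this How To Note or of ISC DHCP; the name `check_conf` and the sample text are constructed for illustration, and it assumes a single subnet with `hardware ethernet` written before `fixed-address` in each host block.

```python
import ipaddress
import re

# Constructed sample in the style of the configuration above, with a range
# statement added and deliberate mistakes for the checker to find.
SAMPLE_CONF = """
subnet 172.16.1.0 netmask 255.255.255.0 {
    range 172.16.1.200 172.16.1.220;
    host test01 { hardware ethernet 00:00:00:00:00:01; fixed-address 172.16.1.201; }
    host test02 { hardware ethernet 00:00:00:00:00:02; fixed-address 172.16.1.100; }
    host test03 { hardware ethernet 00:00:00:00:00:02; fixed-address 172.16.2.203; }
    host linux { hardware ethernet 00:06:5B:31:14:AF; fixed-address 172.16.1.100; }
}
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;"
    r"[^}]*?fixed-address\s+([\d.]+)\s*;")
SUBNET_RE = re.compile(r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)")
RANGE_RE = re.compile(r"range\s+([\d.]+)\s+([\d.]+)\s*;")

def check_conf(text):
    """Return a list of problems found in the host declarations."""
    text = re.sub(r"#.*", "", text)  # drop comments such as '#filename ...'
    m = SUBNET_RE.search(text)
    if m is None:
        raise ValueError("no subnet declaration found")
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
              for a, b in RANGE_RE.findall(text)]
    problems, macs, ips = [], {}, {}
    for name, mac, ip in HOST_RE.findall(text):
        mac, addr = mac.lower(), ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        if any(lo <= addr <= hi for lo, hi in ranges):
            problems.append(f"{name}: {ip} overlaps a dynamic range")
        if mac in macs:
            problems.append(f"{name}: MAC {mac} already used by {macs[mac]}")
        if addr in ips:
            problems.append(f"{name}: {ip} already assigned to {ips[addr]}")
        macs.setdefault(mac, name)  # remember the first host seen per MAC
        ips.setdefault(addr, name)  # and per IP address
    return problems

if __name__ == "__main__":
    for problem in check_conf(SAMPLE_CONF):
        print(problem)
```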

AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B