Allied Telesis AT-8600 Series, Rapier i Series manual Database, Dhcp snooping database time-out


DHCP snooping

The database

The switch watches the DHCP packets that it passes back and forth, and maintains a database listing the DHCP leases it knows are held by devices downstream of its ports.

Each lease in the database holds the following information:

- the MAC address of the client device
- the IP address that was allocated to that client
- time until expiry
- VLAN to which the client is attached
- the port to which the client is attached

When inserting Option 82 information into the DHCP packets, the switch uses the information it has stored in the database for filtering and for filling in the fields.

DHCP snooping database time-out

The CPU times out a database entry when its lease, which is also stored in the database, expires.

Database survival across reboots

The database is periodically saved as a .dsn file into non-volatile storage. Therefore the database will survive a reboot.

Verifying the status of snooped users

To verify the status of snooped users, use the command show dhcpsnooping database.

Manager > show dhcpsnooping database

DHCP Snooping Binding Database
-------------------------------------------------------------------
Full Leases/Max Leases ... 1/52
Check Interval ........... 60 seconds
Database Listeners ....... CLASSIFR

Current valid entries
MAC Address        IP Address       Expires(s)  VLAN  Port  ID  Source
-----------------------------------------------------------------------------
00-03-47-6b-a5-7a  10.11.67.50      56          48    16    3   Dynamic
-----------------------------------------------------------------------------
Entries with client lease but no listeners
MAC Address        IP Address       Expires(s)  VLAN  Port  ID  Source
-----------------------------------------------------------------------------
None...
-----------------------------------------------------------------------------
Entries with no client lease and no listeners
MAC Address        IP Address       Expires(s)  VLAN  Port  ID  Source
-----------------------------------------------------------------------------
None...
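
An added example, not part of the How To Note or of AlliedWare: a Python parser for the `show dhcpsnooping database` output above that checks each snooped binding against an expected inventory. The `expected` mapping, the `warn_ratio` threshold and the reading of the first lease counter as "leases currently held" are assumptions.

```python
import re

# Constructed sample: the output shown above, with whitespace normalised.
SAMPLE = """\
Full Leases/Max Leases ... 1/52
Current valid entries
MAC Address        IP Address   Expires(s) VLAN Port ID Source
00-03-47-6b-a5-7a  10.11.67.50  56         48   16   3  Dynamic
Entries with client lease but no listeners
None...
Entries with no client lease and no listeners
None...
"""

SECTIONS = {  # section headings as printed by the switch
    "Current valid entries": "valid",
    "Entries with client lease but no listeners": "lease_no_listeners",
    "Entries with no client lease and no listeners": "no_lease_no_listeners",
}
LEASES = re.compile(r"Full Leases/Max Leases[ .]*(\d+)/(\d+)")
ROW = re.compile(r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\d+(?:\.\d+){3})"
                 r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$", re.I)

def parse_snooping_db(text):
    """Return lease counters and one dict per binding row, tagged by section."""
    db = {"full": None, "max": None, "entries": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line in SECTIONS:
            section = SECTIONS[line]
        elif m := LEASES.match(line):
            db["full"], db["max"] = int(m[1]), int(m[2])
        elif section and (m := ROW.match(line)):
            mac, ip, exp, vlan, port, ident, source = m.groups()
            db["entries"].append({
                "section": section, "mac": mac.lower(), "ip": ip,
                "expires_s": int(exp), "vlan": int(vlan), "port": int(port),
                "id": int(ident), "source": source})
    return db

def audit(db, expected, warn_ratio=0.9):
    """expected maps (vlan, port) -> set of allowed MACs (hypothetical inventory)."""
    findings = []
    # Assumption: the first counter is the number of leases currently held.
    if db["max"] and db["full"] / db["max"] >= warn_ratio:
        findings.append(f"lease table {db['full']}/{db['max']} near capacity")
    for e in db["entries"]:
        where = f"{e['mac']} {e['ip']} vlan {e['vlan']} port {e['port']}"
        if e["section"] != "valid":
            findings.append(f"{where}: listed under {e['section']}")
        if e["mac"] not in expected.get((e["vlan"], e["port"]), set()):
            findings.append(f"{where}: not in expected inventory")
    return findings
```
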

Page 4 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B