Allied Telesis AT-8700XL Series, Rapier i Series, AT-8600 Series manual List of terms, ARP Security


DHCP snooping

List of terms:

MAC Address: The MAC address of the snooped DHCP client.

IP Address: The IP address that has been allocated to the snooped DHCP client.

Expires: The time, in seconds, until the DHCP client entry will expire.

VLAN: The VLAN to which the snooped DHCP client is connected.

Port: The port to which the snooped DHCP client is connected.

ID: The unique ID for the entry in the DHCP snooping database. This ID is dynamically allocated to all clients. (The same ID can be seen in show dhcpsnooping filter.)

Database Listeners: These are switch features (or modules) that have registered to listen to the Binding Database. Database listeners are informed when an entry is added or deleted from the database. In this case the Classifier module will be informed so the dynamic classifiers can be updated.

Source: How the DHCP binding was entered into the database:

- User = static

- File = read from bindings.dsn (usually at boot time)

- Dynamic = it was snooped

To see port details, use the commands show dhcpsnooping port and show dhcpsnooping count.

Manager > show dhcpsnooping port=16

DHCP Snooping Port Information:
---------------------------------------------------------------------
Port ....................... 16
  Trusted .................. No
  Full Leases/Max Leases ... 1/1
  Subscriber-ID ............

Manager > show dhcpsnooping count

DHCP Snooping Counters
---------------------------------------------------------------------
DHCP Snooping
  InPackets ......... 1751
  InBootpRequests ... 908
  InBootpReplies .... 843
  InDiscards ........ 0

ARP Security
  InPackets ......... 0
  InDiscards ........ 0
  NoLease ........... 0
  Invalid ........... 0
---------------------------------------------------------------------
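The following Python sketch is an added example, not code from the How To Note or from AlliedWare. It models the terms above: binding entries with the listed fields, database listeners that are told when an entry is added or deleted, and an ARP sender check against the bindings that updates the ARP Security counters. Assumed here: all class and function names, that NoLease counts ARPs discarded because no binding matches the sender, and the constructed MAC and IP values used with it.

```python
import itertools
from dataclasses import dataclass

@dataclass
class Binding:               # fields follow the list of terms above
    id: int
    mac: str
    ip: str
    expires: int             # seconds until the entry expires
    vlan: int
    port: int
    source: str              # "User", "File" or "Dynamic"

class BindingDB:
    def __init__(self):
        self.entries = {}    # ID -> Binding
        self.listeners = []  # callbacks invoked as cb(event, binding)
        self._ids = itertools.count(1)
        self.arp = {"InPackets": 0, "InDiscards": 0, "NoLease": 0}

    def add(self, mac, ip, expires, vlan, port, source="Dynamic"):
        b = Binding(next(self._ids), mac.lower(), ip, expires, vlan, port, source)
        self.entries[b.id] = b
        for cb in self.listeners:          # e.g. the classifier listener
            cb("add", b)
        return b

    def tick(self, seconds):
        """Age every entry (a simplification); expired entries are deleted."""
        for b in list(self.entries.values()):
            b.expires -= seconds
            if b.expires <= 0:
                del self.entries[b.id]
                for cb in self.listeners:
                    cb("delete", b)

    def check_arp(self, mac, ip, vlan, port):
        """True = forward; False = discard (NoLease meaning is assumed)."""
        self.arp["InPackets"] += 1
        want = (mac.lower(), ip, vlan, port)
        if any((b.mac, b.ip, b.vlan, b.port) == want for b in self.entries.values()):
            return True
        self.arp["InDiscards"] += 1
        self.arp["NoLease"] += 1
        return False

def classifier_listener(allowed):
    """Hypothetical listener keeping a set of permitted (port, ip) pairs."""
    return lambda ev, b: (allowed.add if ev == "add" else allowed.discard)((b.port, b.ip))
```

The Invalid counter is not modelled, because this page does not define it.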

Page 5 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B