Manuals / Allied Telesis / Computer Equipment / Switch

Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series manual Switch is dropping ARPs

Models: AT-8700XL Series AT-8600 Series Rapier i Series

1 26

Download 26 pages 29.76 Kb

Page 22

Switch is dropping ARPs

Troubleshooting

Increasing the port’s maximum leases will permit multiple clients per port.

Manager > set dhcpsnooping port=3 maxleases=2

Info (1137260): DHCP Snooping port(s) 3 updated successfully.

Switch is dropping ARPs

If you have DHCP snooping in ARP security mode, then unknown clients on untrusted ports will not be able to ARP.

DHCPSN_ARP: [0193a9ec] ARP Received on untrusted port 24 VLAN 1

DHCPSN_ARP: [0193a9ec] ARP Discarded, sender not found in DHCP Snoop DB

Known clients on untrusted ports will be able to ARP.

DHCPSN_ARP: [01a6f5ec] ARP Received on untrusted port 1 VLAN 1

DHCPSN_ARP: [01a6f5ec] ARP to be forwarded, sender validated

DHCPSN_ARP: [01a6f5ec] Forwarding ARP at L2 for VLAN 1

DHCPSN_ARP: [01a6f5ec] Forward ports (except 1)

DHCPSN_ARP: [01a6f5ec] Tagged:None

DHCPSN_ARP: [01a6f5ec] Untagged:24

A client is known on an untrusted port if it has an IP/MAC entry in the DHCP snooping database (show dhcpsnooping database). Your DHCP server must be on a trusted port.

Manager > set dhcpsnooping port=24 trusted=yes

Info (1137260): DHCP Snooping port(s) 24 updated successfully.

Manager >

DHCPSN_ARP: [023a218c] ARP Received on trusted port 24 VLAN 1

DHCPSN_ARP: [023a218c] Forwarding ARP at L2 for VLAN 1

DHCPSN_ARP: [023a218c] Forward ports (except 24)

DHCPSN_ARP:	[023a218c]	Tagged:None
DHCPSN_ARP:	[023a218c]	Untagged:1

Page 22 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

Image 22

Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series manual Switch is dropping ARPs

Contents

Introduction AlliedWareTM OSz AT-8800 series z AT-8600 series z AT-8700XL series Which products and software version does this information apply to?z Rapier and Rapier i series Minimum configuration Related How To NotesDHCP snooping DHCP snooping database time-out Database survival across rebootsThe database Verifying the status of snooped usersList of terms Enabling DHCP snooping Trusted and non-trusted portsStatic binding So the database is empty Completely removing the DHCP snooping databaseDHCP snooping DHCP Option DHCP OptionProtocol details Example PacketConfiguring Option AnalysisConfiguring filtering DHCP filteringARP security X To enable DHCP snooping ARP securityDHCP snooping filter show command Resource considerationsX or if ARP security is enabled, is X If ARP security is enabled, addExample on a Rapier Configuration examples X Configure a private VLAN for customersX Add the untagged ports for the customers X Enable DHCP snooping and Option 82 supportX Add the tagged uplink ports to the VLAN X Define the DHCP snooping trusted portsX Define the upstream QoS flow groups X Create a set of QoS classifiersX Create a traffic class for all upstream flow groups create vlan=Customers vid=48 create vlan=Network vid=50 X Configure two VLANs for layer 3 access to the DHCP serverX Add ports to the VLANs add vlan=48 port=1-24 add vlan=50 port=25X Enable DHCP snooping and Option 82 support X For layer 3 support, enable the BOOTP RelayX Define the DHCP snooping trusted port X Configure the switch’s IPX Define the upstream QoS flow groups X Create a set of QoS classifiersX Create a traffic class for all upstream flow groups Troubleshooting No trusted ports configuredDHCPSNProcess 0b47ee6c Error adding entry to DB The DHCP client continually sends requests instead of a discoverMaximum number of leases is exceeded DHCPSNDB Updating entryId 7. FlagsSwitch is dropping ARPs trusted ports TroubleshootingDHCPSNARP 02680e6c ARP to be forwarded, sender validated UntaggedNoneThe show log command is also very useful Displaying log entriesTroubleshooting Appendix 1 ISC DHCP server Appendix 1 ISC DHCP serverif exists agent.circuit-id