18-5
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
78-17058-01
Chapter 18 Configuring DHCP Features and IP Source Guard
Understanding DHCP Features
In the port field of the circuit ID suboption, the port numbers start at 3. For example, on a switch with
24 10/100 ports and small form-factor pluggable (SFP) module slots, port 3 is the Fast Ethernet 0/1 port,
port 4 is the Fast Ethernet 0/2 port, and so forth. Port 27 is the SFP module slot 0/1, and so forth.
Figure 18-2 shows the packet formats for the remote ID suboption and the circuit ID suboption. The
switch uses the packet formats when DHCP snooping is globally enabled and when the ip dhcp
snooping information option global configuration command is entered.
Figure 18-2 Suboption Packet Formats
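Added example (not from the Cisco guide): a decoder for the circuit ID and remote ID suboptions described above, of the kind useful when reading option-82 data in DHCP server logs or packet captures. Suboption codes 1 and 2 come from RFC 3046; the inner type value 0, the 24-port switch model, and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Suboption codes from RFC 3046; inner type/length values follow the field
# sizes of Figure 18-2 (assumed: circuit ID type 0/len 4, remote ID type 0/len 6).
CIRCUIT_ID, REMOTE_ID = 1, 2
FIRST_PORT = 3          # from the text: port numbering starts at 3
FE_PORTS = 24           # assumed model: 24 10/100 ports plus SFP slots


def port_to_interface(port):
    """Map the circuit ID port byte to an interface name on a 24-port switch."""
    idx = port - FIRST_PORT + 1
    if idx < 1:
        raise ValueError(f"port {port} is below the first valid value {FIRST_PORT}")
    if idx <= FE_PORTS:
        return f"FastEthernet0/{idx}"
    return f"SFP module slot 0/{idx - FE_PORTS}"


def parse_option82(data):
    """Walk the suboption TLVs and decode the two formats of Figure 18-2."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated suboption header")
        code, length = data[i], data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError(f"suboption {code} claims {length} bytes, {len(body)} present")
        if code == CIRCUIT_ID and length == 6 and body[:2] == b"\x00\x04":
            vlan, module, port = struct.unpack("!HBB", body[2:])
            out["circuit_id"] = {"vlan": vlan, "module": module, "port": port,
                                 "interface": port_to_interface(port)}
        elif code == REMOTE_ID and length == 8 and body[:2] == b"\x00\x06":
            out["remote_id"] = body[2:].hex(":")
        else:  # keep anything that does not match the expected layout for review
            out.setdefault("unparsed", []).append((code, body.hex()))
        i += 2 + length
    return out


# Constructed sample: VLAN 10, module 0, port 3, switch MAC 00:11:22:33:44:55.
SAMPLE = bytes.fromhex("0106" "0004" "000a" "00" "03"
                       "0208" "0006" "001122334455")

if __name__ == "__main__":
    print(parse_option82(SAMPLE))
```

Suboptions that do not match the expected layout are returned under `unparsed` rather than dropped, so a malformed or unexpected option 82 stays visible to whoever is reviewing the capture.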
DHCP Snooping Binding Database
When DHCP snooping is enabled, the switch uses the DHCP snooping binding database to store
information about untrusted interfaces. The database can have up to 8192 bindings.
Each database entry (binding) has an IP address, an associated MAC address, the lease time (in
hexadecimal format), the interface to which the binding applies, and the VLAN to which the interface
belongs. At the end of each entry is a checksum value that accounts for all the bytes associated with the
entry. Each entry is 72 bytes, followed by a space and then the checksum value.
To keep the bindings when the switch reloads, you must use the DHCP snooping database agent. If the
agent is disabled, dynamic ARP inspection or IP source guard is enabled, and the DHCP snooping
binding database has dynamic bindings, the switch loses its connectivity. If the agent is disabled and only
DHCP snooping is enabled, the switch does not lose its connectivity, but DHCP snooping might not
prevent DHCP spoofing attacks.
The database agent stores the bindings in a file at a configured location. When reloading, the switch
reads the binding file to build the DHCP snooping binding database. The switch keeps the file current
by updating it when the database changes.
When a switch learns of new bindings or when it loses bindings, the switch immediately updates the
entries in the database. The switch also updates the entries in the binding file. The frequency at which
the file is updated is based on a configurable delay, and the updates are batched. If the file is not updated
in a specified time (set by the write-delay and abort-timeout values), the update stops.
[Figure 18-2, Suboption Packet Formats. Circuit ID Suboption Frame Format: Suboption type (1 byte), Length (1 byte), Circuit ID type (1 byte), Length (1 byte), VLAN (2 bytes), Module (1 byte), Port (1 byte). Remote ID Suboption Frame Format: Suboption type (1 byte), Length (1 byte), Remote ID type (1 byte), Length (1 byte), MAC address (6 bytes).]