Page 2 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches. Introduction. This document contains the following contents: Introduction (page 1); Which ...
Page 3 | DHCP snooping: Related How To Notes. The following How To Note describes DHCP snooping on AT-9900, x900-48 and AT-8948 series switches: • How To Use DHCP Snooping, Option 82, and Filtering on AT-9900 and x900-48 Series Switche...
Page 4 | DHCP snooping: The database. The switch watches the DHCP packets that it is passing back and forth. It also maintains a database that lists the DHCP leases it knows are being held by devices downstream of its ports. Each lease...
Page 6 | DHCP snooping: Trusted and non-trusted ports. The concept of trusted and non-trusted ports is fundamental to the operation of DHCP snooping: • Trusted ports connect to a trusted entity in the network, and are under the complet...
Page 7 | DHCP snooping: Completely removing the DHCP snooping database. To completely remove the database, it is necessary to delete the file nvs:bindings.dsn. So the database is empty: Manager > delete fi=nvs:bindings.dsn nvs:bind...
Page 8 | DHCP Option 82. DHCP Relay Agent Information Option 82 is an extension to the Dynamic Host Configuration Protocol (DHCP), and is defined in RFC 3046 and RFC 3993. DHCP Option 82 can be used to send information ...
Page 9 | DHCP Option 82: Protocol details. In the DHCP packet, the Option 82 segment is organized as a single DHCP option containing one or more sub-options that convey information known by the relay agent. The format of the option is ...
Page 10 | DHCP Option 82: Analysis. The following table provides an analysis of the strings in the above DHCP Request packet extract. The Agent Circuit ID string 00 30 00 05 translates as: 00 30 = VLAN 48 (0x30 = 48); 00 05 = switch port 5. Configuring Opt...
Page 11 | DHCP filtering. The purpose of DHCP filtering is to prevent IP addresses from being falsified or ‘spoofed’. This guarantees that customers cannot avoid detection by spoofing an IP address that was not actually...
Page 12 | DHCP filtering: ARP security. It is also possible to enable DHCP snooping ARP security. If enabled, this will ensure that ARP packets received on non-trusted ports are only permitted if they originate from an IP address that h...
Page 13 | DHCP filtering (example on a Rapier 24i): If leases are 2 on ports ... a maximum of 13 leases and ports 3 to 8 given 1 lease each. After that, no port could have its leases increased because the filter resource is completely used up. Note: On Allied Telesis switches, IGMP snoop...
Page 14 | Configuration examples. This section contains the following examples: • "Configuring the switch for DHCP snooping, filtering and Option 82, when it is acting as a layer 2 switch" on page 14 • ...
Page 15 | Configuration examples. Add the tagged uplink ports to the VLAN: add vlan="48" port=24 frame=tagged (uplink); add vlan="48" port=1-23. This is a layer 2 solution. The IP protocol does not need to be configured. enable dhcpsnooping; enable dhcpsnooping op...
Page 16 | Configuration examples. Create a set of QoS classifiers: create classifier=50 tcpdport=20; create classifier=51 tcpdport=21; create classifier=52 tcpdport=23; create classifier=53 ethformat=ethii prot=0800. Classifiers will be applied in QoS to allow prioritisa...
Page 17 | Configuration examples: Configuring the switch for DHCP snooping, filtering, and Option 82, when it is acting as a layer 3 BOOTP Relay Agent. In a layer 3 routing environment, the switch takes on the role of BOOTP Relay Agent, ...
Page 18 | Configuration examples. Configure the switch’s IP: enable ip; add ip int=vlan48 ip=10.11.67.254 mask=255.255.255.0; add ip int=vlan50 ip=10.50.1.254 mask=255.255.255.0; add ip rou=0.0.0.0 mask=0.0.0.0 int=vlan50 next=10.50.1.1. For layer 3 support, enable the BOOTP Relay: enable bootp relay; add boot...
Page 20 | Troubleshooting. Use the command enable dhcpsnooping debug=all to get the most verbose level of debugging available. In the following sections, all debugging comes from that command. Let’s look at how you can...
Page 21 | Troubleshooting: The DHCP client continually sends requests instead of a discover. This happens when the client is renewing its lease or, for whatever reason, believes that it should be issued a specific address. If the client d...
Page 22 | Troubleshooting. Increasing the port’s maximum leases will permit multiple clients per port. Switch is dropping ARPs: If you have DHCP snooping in ARP security mode, then unknown clients on untrusted ports will not be able to...
Page 23 | Troubleshooting. You cannot work around dropped ARPs from the DHCP server by statically binding the DHCP server’s IP and MAC address to a port, instead of setting it as trusted. The switch will not send the DHCP server the D...
Page 24 | Troubleshooting: Displaying log entries. The show log command is also very useful: Manager > sh log Date/Time S Mod Type SType Message ------------------------------------------------------------------------ 02 21:42:55 3 ...
Page 25 | Appendix 1: ISC DHCP server. One DHCP server that has been tested against DHCP snooping is ISC DHCP. This is free software with an option of a support contract. At the time of writing this docum...
Page 26 | The following configuration (thanks to ...
USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895. European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.00 | F: +41 91 69769.11. Asia-Pacific Headquarters | 11 Tai Seng Li...