DHCP Snooping Configuration Guidelines; Enabling DHCP Snooping - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual

Software release 6

Configuring DHCP Relay
- The port from where the DHCP packet originated.
- The VLAN associated with the port from where the DHCP packet originated.
- The lease time for the assigned IP address.
- The binding entry type; dynamic or static (user-configured).

After extracting the above information and populating the binding table, the packet is then forwarded to
the port from where the packet originated. Basically, the DHCP Snooping feature prevents the normal
flooding of DHCP traffic. Instead, packets are delivered only to the appropriate client and server ports.

DHCP Snooping Configuration Guidelines

Consider the following when configuring the DHCP Snooping feature:

- Layer 3 DHCP Snooping requires the use of the relay agent to process DHCP packets. As a result, DHCP clients and servers must reside in different VLANs so that the relay agent is engaged to forward packets between the VLAN domains. See "Configuring BOOTP/DHCP Relay Parameters" on page 31-10 for information about how to configure the relay agent on the switch.
- Layer 2 DHCP Snooping does not require the use of the relay agent to process DHCP packets. As a result, an IP interface is not needed for the client/server VLAN. See "Layer 2 DHCP Snooping" on page 31-24 for more information.
- Both Layer 2 and Layer 3 DHCP Snooping are active when DHCP Snooping is globally enabled for the switch or enabled on one or more VLANs. See "Enabling DHCP Snooping" on page 31-19 for more information.
- Configure ports connected to DHCP servers within the network as trusted ports. See "Configuring the Port Trust Mode" on page 31-21 for more information.
- Make sure that Option-82 data insertion is always enabled at the switch or VLAN level. See "Enabling DHCP Snooping" on page 31-19 for more information.
- DHCP packets received on untrusted ports that already contain the Option-82 data field are discarded by default. To accept such packets, configure DHCP Snooping to bypass the Option-82 check. See "Bypassing the Option-82 Check on Untrusted Ports" on page 31-21 for more information.
- By default, rate limiting of DHCP traffic is done at a rate of 512 DHCP messages per second per switching ASIC. Each switching ASIC controls 12 ports (e.g., ports 1–12, 13–24, etc.) on an OS6800 and 24 ports (e.g., ports 1–24, 25–48, etc.) on an OS6850 unit or OS9000 module.

Enabling DHCP Snooping

There are two levels of operation available for the DHCP Snooping feature: switch level or VLAN level.
These two levels are mutually exclusive; they cannot both operate on the switch at the same
time. In addition, if the global DHCP relay agent information option (Option-82) is enabled for the switch,
then DHCP Snooping at any level is not available. See "Using the Relay Agent Information Option
(Option-82)" on page 31-15 for more information.
Note. DHCP Snooping drops server packets received on untrusted ports (ports that connect to devices
outside the network or firewall). It is important to configure ports connected to DHCP servers as trusted
ports so that traffic to/from the server is not dropped.
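
The filtering rules described on this page, as a simplified Python model (an added example, not Alcatel-Lucent code and not part of the manual). The class and field names, the sample addresses, keying the binding table by client MAC, and the handling of a server reply with no recorded client request are assumptions of the model.

```python
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass
class Pkt:
    msg: str                  # DISCOVER, REQUEST, OFFER, ACK, NAK
    port: str                 # ingress port (constructed values such as "1/5")
    vlan: int
    mac: str                  # client hardware address
    opt82: bool = False       # packet already carries Option-82 data
    ip: str = ""              # address assigned by the server (ACK only)
    lease: int = 0            # lease time in seconds (ACK only)

@dataclass
class Snooper:
    trusted: set                                   # ports facing DHCP servers
    bypass_opt82_check: bool = False
    pending: dict = field(default_factory=dict)    # mac -> (port, vlan) of the request
    bindings: dict = field(default_factory=dict)   # mac -> binding table entry

    def process(self, p):
        """Return (verdict, detail) for one DHCP packet."""
        on_trusted = p.port in self.trusted
        if p.msg in SERVER_TYPES:
            if not on_trusted:
                return ("drop", "server packet on untrusted port")
            origin = self.pending.get(p.mac)
            if origin is None:
                # Assumption of this model: no recorded client port to deliver to.
                return ("drop", "no matching client request")
            if p.msg == "ACK":
                self.bindings[p.mac] = {"ip": p.ip, "port": origin[0], "vlan": origin[1],
                                        "lease": p.lease, "type": "dynamic"}
            return ("forward", f"client port {origin[0]}")  # delivered, not flooded
        if not on_trusted and p.opt82 and not self.bypass_opt82_check:
            return ("drop", "Option-82 present on untrusted port")
        self.pending[p.mac] = (p.port, p.vlan)
        return ("forward", "trusted ports")

def demo():
    """Run a constructed packet sequence; port 1/24 is the only trusted port."""
    s = Snooper(trusted={"1/24"})
    mac = "00:11:22:33:44:55"
    results = [
        s.process(Pkt("DISCOVER", "1/5", 10, mac)),
        s.process(Pkt("OFFER", "1/7", 10, mac, ip="192.0.2.66")),  # server reply, untrusted port
        s.process(Pkt("ACK", "1/24", 10, mac, ip="192.0.2.10", lease=3600)),
        s.process(Pkt("DISCOVER", "1/6", 10, "00:11:22:33:44:66", opt82=True)),
    ]
    return results, s.bindings
```

Calling `demo()` returns the four verdicts and the resulting binding table; constructing `Snooper` with `bypass_opt82_check=True` lets the last packet through.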
OmniSwitch AOS Release 6 Network Configuration Guide, September 2009. Configuring DHCP Security Features, page 31-19.
