DHCP Snooping Binding Database - Cisco Catalyst 2960 Software Configuration Manual

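Understanding DHCP Snooping

Figure 20-3: User-Configured Suboption Packet Formats

Circuit ID Suboption Frame Format (for user-configured string): suboption type = 1 (1 byte), length = N+2 (1 byte), circuit ID type = 1 (1 byte), length = N (1 byte), ASCII circuit ID string (N bytes, N = 3-63).

Remote ID Suboption Frame Format (for user-configured string): suboption type = 2 (1 byte), length = N+2 (1 byte), remote ID type = 1 (1 byte), length = N (1 byte), ASCII remote ID string or hostname (N bytes, N = 1-63).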

DHCP Snooping Binding Database

When DHCP snooping is enabled, the switch uses the DHCP snooping binding database to store information about untrusted interfaces. The database can have up to 64,000 bindings.

Each database entry (binding) has an IP address, an associated MAC address, the lease time (in hexadecimal format), the interface to which the binding applies, and the VLAN to which the interface belongs. The database agent stores the bindings in a file at a configured location. At the end of each entry is a checksum that accounts for all the bytes from the start of the file through all the bytes associated with the entry. Each entry is 72 bytes, followed by a space and then the checksum value.

To keep the bindings when the switch reloads, you must use the DHCP snooping database agent. If the agent is disabled, dynamic ARP inspection or IP source guard is enabled, and the DHCP snooping binding database has dynamic bindings, the switch loses its connectivity. If the agent is disabled and only DHCP snooping is enabled, the switch does not lose its connectivity, but DHCP snooping might not prevent DHCP spoofing attacks.

When reloading, the switch reads the binding file to build the DHCP snooping binding database. The switch updates the file when the database changes.

When a switch learns of new bindings or when it loses bindings, the switch immediately updates the entries in the database. The switch also updates the entries in the binding file. The frequency at which the file is updated is based on a configurable delay, and the updates are batched. If the file is not updated in a specified time (set by the write-delay and abort-timeout values), the update stops.

This is the format of the file with bindings:
<initial-checksum>
TYPE DHCP-SNOOPING
VERSION 1
BEGIN
<entry-1> <checksum-1>
<entry-2> <checksum-1-2>
...
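
The following configuration is an added example, not taken from the Cisco manual. It shows the database agent described above being enabled so that dynamic bindings survive a reload while dynamic ARP inspection and IP source guard depend on them. The VLAN number, interface names, file name and timer values are assumptions chosen for illustration.

```cisco
! Constructed example: VLAN 10, the interfaces and the file name are placeholders.
!
! Enable DHCP snooping globally and on the access VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Database agent: write the binding file to a configured location so the
! switch can rebuild the binding database when it reloads.
ip dhcp snooping database flash:/dhcp-snooping.db
!
! Batch updates: wait 60 seconds after a binding change before writing.
ip dhcp snooping database write-delay 60
!
! Abort timeout: give up on a file transfer that has not completed in 300 seconds.
ip dhcp snooping database timeout 300
!
! Dynamic ARP inspection validates ARP packets against the binding database.
ip arp inspection vlan 10
!
! Uplink toward the DHCP server (assumed): trusted for snooping and for ARP inspection.
interface GigabitEthernet0/1
 ip dhcp snooping trust
 ip arp inspection trust
!
! Untrusted access port (assumed): IP source guard filters traffic against the bindings.
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 ip verify source
!
! Checks to run from privileged EXEC after a change and before a planned reload:
!   show ip dhcp snooping database   (agent URL, timers, last write result, failure counts)
!   show ip dhcp snooping binding    (dynamic bindings currently held in memory)
```

A failed or stale write shown by `show ip dhcp snooping database` means a reload would come up without the current bindings, which is the condition the text above warns about when dynamic ARP inspection or IP source guard is enabled.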

Source: Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE (OL-26520-01), Chapter 20, Configuring DHCP and IP Source Guard Features, page 20-6.
