Table of Contents
Advertisement
Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in
the following situations:
• The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
• The source MAC address and source IP address in the packet do not match any of the current
bindings.
• The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not
match any of the current bindings.
• The rate at which DHCP packets arrive is too high.
26.19.1.2 DHCP Snooping Database
The Switch stores the binding table in volatile memory. If the Switch restarts, it loads static bindings from
permanent memory but loses the dynamic bindings, in which case the devices in the network have to
send DHCP requests again. As a result, it is recommended you configure the DHCP snooping database.
The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection
in a file on an external TFTP server. If you set up the DHCP snooping database, the Switch can reload the
dynamic bindings from the DHCP snooping database after the Switch restarts.
You can configure the name and location of the file on the external TFTP server. The file has the following
format:
Figure 222 DHCP Snooping Database File Format
<initial-checksum>
TYPE DHCP-SNOOPING
VERSION 1
BEGIN
<binding-1> <checksum-1>
<binding-2> <checksum-1-2>
...
...
<binding-n> <checksum-1-2-..-n>
END
The <initial-checksum> helps distinguish between the bindings in the latest update and the bindings
from previous updates. Each binding consists of 72 bytes, a space, and another checksum that is used
to validate the binding when it is read. If the calculated checksum is not equal to the checksum in the
file, that binding and all others after it are ignored.
26.19.1.3 DHCP Relay Option 82 Information
The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server
more information about the source of the requests. The Switch can add the following information:
• Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes)
• System name (up to 32 bytes)
This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client
DHCP request frames. See
When the DHCP server responds, the Switch removes the information in the Agent Information field
before forwarding the response to the original source.
Chapter 26 IP Source Guard
Chapter 42 on page 405
XGS2210 Series User's Guide
294
for more information about DHCP relay option 82.
- Quick Links:
- The Web Configurator
- Resetting the Switch
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
