Arp Security; Resource Considerations - Allied Telesis AT-8600 Series How To Use Manual

AlliedWare OS DHCP snooping, option 82, and filtering on AlliedWare OS

ARP security

It is also possible to enable DHCP snooping ARP security. When enabled, it ensures that ARP
packets received on non-trusted ports are only permitted if they originate from an IP address
that has been allocated by DHCP.
To enable DHCP snooping ARP security:
enable dhcpsnooping arpsecurity
DHCP snooping filter show command
To see what addresses have been inserted into filters using DHCP snooping classifiers, use
the command show dhcpsnooping filter:
Manager > show dhcpsnooping filter
DHCPSnooping ACL ( 150 entries )
ClassID  FlowID  Port  EntryID  IP Address/Port/Mac
----------------------------------------------------------------------
60161    0       16    3        10.11.67.50/16/00-03-47-6b-a5-7a
61161    0       16    3        10.11.67.50/16/00-03-47-6b-a5-7a
62161    0       16    3        10.11.67.50/16/00-03-47-6b-a5-7a
...
List of terms:
The FlowID refers to the associated QoS FlowGroup.
The EntryID refers to the associated entry in the DHCP snooping database.
The ClassID refers to the dynamically created classifier entry.

Resource considerations

Because of the potential for classifier replication, you need to be cautious about running out
of classifier resource. Some resource calculations are provided below.
When configuring DHCP classifiers it is possible to run out of classifier resource, especially
when using QoS and hardware filter classifiers as well.
When DHCP snooping is enabled on an AT-8600, AT-8800, AT-8700XL, Rapier or Rapier i
series switch, it will reserve only one blocking rule for each port (unlike on AT-9900 and
x900 series switches). Each block of eight ports, starting from ports 1 to 8, shares 127
available entries in the filter resource. Eight entries are immediately used by blocking rules
and so the actual number of available leases is 119 over eight ports.
Because 119 entries must be shared between eight ports, the average maximum number of
leases per port is 14. However, port 1 could be given a maximum of 100 leases, port 2 given
Page 12 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches
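The block arithmetic from the resource considerations above, as an added example that is not part of the Allied Telesis document: a Python check of planned per-port lease limits against the 119-entry budget of each eight-port block. The function names, the sample plan and the entries_per_lease parameter (which models classifier replication as a fixed number of filter entries per lease) are assumptions.

```python
from collections import defaultdict

BLOCK_SIZE = 8        # ports per block: 1-8, 9-16, ...
BLOCK_ENTRIES = 127   # filter entries shared by one block
BLOCKING_RULES = 8    # one blocking rule reserved per port in the block
LEASE_BUDGET = BLOCK_ENTRIES - BLOCKING_RULES  # 119 entries left for leases


def block_of(port):
    """Return (first_port, last_port) of the eight-port block holding port."""
    if port < 1:
        raise ValueError(f"invalid port number: {port}")
    first = (port - 1) // BLOCK_SIZE * BLOCK_SIZE + 1
    return first, first + BLOCK_SIZE - 1


def audit(max_leases, entries_per_lease=1):
    """Check planned per-port lease limits against each block's budget.

    max_leases maps port number -> planned lease limit for that port.
    entries_per_lease is an assumption: it models classifier replication
    as a fixed number of filter entries consumed by every lease.
    Returns {block: (entries_needed, headroom)}; a negative headroom means
    the block can run out of classifier resource under this plan.
    """
    if entries_per_lease < 1:
        raise ValueError("entries_per_lease must be at least 1")
    needed = defaultdict(int)
    for port, leases in max_leases.items():
        if leases < 0:
            raise ValueError(f"negative lease limit on port {port}")
        needed[block_of(port)] += leases * entries_per_lease
    return {blk: (n, LEASE_BUDGET - n) for blk, n in sorted(needed.items())}


def oversubscribed(max_leases, entries_per_lease=1):
    """List the blocks whose planned leases exceed the shared budget."""
    report = audit(max_leases, entries_per_lease)
    return [blk for blk, (_, headroom) in report.items() if headroom < 0]


if __name__ == "__main__":
    # Constructed plan: port 1 takes 100 leases, its neighbours share the rest.
    plan = {1: 100, 2: 10, 3: 9, 9: 14, 10: 14, 16: 50}
    for blk, (n, headroom) in audit(plan).items():
        print(f"ports {blk[0]}-{blk[1]}: {n} entries, headroom {headroom}")
    print("over budget with 3 entries per lease:", oversubscribed(plan, 3))
```
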
DHCP filtering
