Trusted and Non-Trusted Ports; Enabling DHCP Snooping; Static Binding - Allied Telesis AT-8600 Series How To Use Manual

AlliedWare OS DHCP snooping, Option 82, and filtering on AlliedWare OS

Trusted and non-trusted ports

The concept of trusted and non-trusted ports is fundamental to the operation of DHCP snooping:
- Trusted ports connect to a trusted entity in the network, and are under the complete control of the network manager.
- Non-trusted ports connect an untrusted entity to the trusted network.
- Non-trusted ports can connect to non-trusted ports.
In general, trusted ports connect to the network core, and non-trusted ports connect to subscribers.
DHCP snooping will make forwarding decisions based on the trust status of ports:
- BOOTP packets that contain Option 82 information received on untrusted ports will be dropped.
- If Option 82 is enabled, the switch will insert Option 82 information into BOOTP REQUEST packets received from an untrusted port.
- BOOTP REQUEST packets that contain Option 82 information received on trusted ports will not have the Option 82 information updated with information for the receive port. It will be kept.
- BOOTP REPLY packets (from servers) should come from a trusted source.
- The switch will remove Option 82 information from BOOTP REPLY packets destined to an untrusted port.
- BOOTP REPLY packets received on non-trusted ports will be dropped.
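
The forwarding rules listed above can be read as one decision procedure. The following Python model is an added example, not Allied Telesis code: the names Bootp, snoop and rx_port_info are hypothetical, the sample packets are constructed, and the Option 82 value is a stand-in string.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Bootp:
    kind: str                       # "REQUEST" (client) or "REPLY" (server)
    option82: Optional[str] = None  # relay agent information, if present


def snoop(pkt, ingress_trusted, egress_trusted, option82_enabled,
          rx_port_info="rx-port-2"):
    """Return (verdict, packet as forwarded or None) per the rules above.

    rx_port_info is a constructed stand-in for whatever the switch writes
    into Option 82 for the receive port.
    """
    if not ingress_trusted:
        # Untrusted ingress: packets already carrying Option 82 are dropped,
        # and so are server replies.
        if pkt.option82 is not None:
            return "drop: Option 82 on untrusted port", None
        if pkt.kind == "REPLY":
            return "drop: REPLY on untrusted port", None
        if option82_enabled:
            pkt = replace(pkt, option82=rx_port_info)
    # Trusted ingress: existing Option 82 is kept, never rewritten.
    if pkt.kind == "REPLY" and not egress_trusted:
        pkt = replace(pkt, option82=None)
    # Assumption: a REPLY leaving a trusted port keeps its Option 82;
    # the text only describes removal towards untrusted ports.
    return "forward", pkt


if __name__ == "__main__":
    cases = [  # constructed sample packets: (label, packet, ingress, egress)
        ("client request", Bootp("REQUEST"), False, True),
        ("reply on subscriber port", Bootp("REPLY"), False, False),
        ("subscriber sets Option 82", Bootp("REQUEST", "other"), False, True),
        ("relayed request", Bootp("REQUEST", "upstream"), True, True),
        ("server reply to client", Bootp("REPLY", "rx-port-2"), True, False),
    ]
    for name, pkt, ing, egr in cases:
        print(f"{name:26} -> {snoop(pkt, ing, egr, option82_enabled=True)}")
```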

Enabling DHCP snooping

DHCP snooping is enabled globally by the command enable dhcpsnooping. All ports are
untrusted by default. For DHCP snooping to do anything useful, at least one port must be
trusted.

Static binding

If a device with a statically set IP address is attached to a port in the DHCP snooping port range, then, with filtering enabled, it is necessary to statically bind it to the port. This will ensure the device's IP connectivity to the rest of the network.
If a device with the IP address 172.16.1.202 and MAC address 00-00-00-00-00-ca is attached to VLAN 1 on port 2, then a static binding is configured by adding the following command to the basic DHCP configuration (see "Minimum configuration" on page 3):
add dhcpsnooping binding=00-00-00-00-00-CA interface=vlan1 ip=172.16.1.202 port=2
Adding a static binding uses a lease on the port. If the maximum number of leases on the port is 1 (the default), the static binding means that no device on the port can acquire an address by DHCP.

Page 6 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches


This manual is also suitable for:

AT-8700XL, AT-8800, Rapier series, Rapier i series
