Name: Enterasys b5
Brand: Enterasys
Rating: 4 (1 reviews)

To Next Page

To Previous Page

DHCP Snooping Overview

17-2 DHCP Snooping and Dynamic ARP Inspection

thehardwareforwardsclientmessagesandcopiesservermessagestotheCPUsoDHCPsnooping

canlearnthebinding.

TheDHCPsnoopingapplicationprocessesincomingDHCPmessages.ForDHCPRELEASEand

DHCPDECLINEmessages,theapplicationcomparesthereceiveinterfaceandVLANwiththe

clientʹsinterfaceandVLANinthe

bindingsdatabase.Iftheinterfacesdonotmatch,the

applicationlogstheeventanddropsthemessage.Forvalidclientmessages,DHCPsnooping

comparesthesourceMACaddresstotheDHCPclienthardwareaddress.Wherethereisa

mismatch,DHCPsnoopinglogsanddropsthepacket.Youcandisablethis

featureusingtheset

dhcpsnoopingverifymac‐addressdisablecommand.

DHCPsnoopingcanbeconfiguredonswitchingVLANsandroutingVLANs.WhenaDHCP

packetisreceivedonaroutingVLAN,theDHCPsnoopingapplicationapplies itsfilteringrules

andupdatesthe bindingsdatabase.Ifaclientmessagepassesfilteringrules,

themessageisplaced

intothesoftwareforwardingpath,whereitmaybeprocessedbytheDHCPrelayagent,thelocal

DHCPserver,orforwardedasanIPpacket.

DHCPsnoopingforwardsvalidDHCPclientmessagesreceivedonnon‐routingVLANs.The

messageisforwa r dedonalltrustedinterfacesin

theVLAN.IfaDHCPrelayagentorlocalDHCP

serverco‐existwiththeDHCPsnoopingfeature,DHCPclientmessageswillbesenttotheDHCP

relayagentorlocalDHCPservertoprocessfurther.

TheDHCPsnoopingapplicationdoesnotforwardservermessagessincetheyareforwardedin

hardware.

Building and Maintaining the Database

TheDHCPsnoopingapplicationusesDHCPmessagestobuildandmainta inthebindings

database.Thebindingsdatabaseincludesonlydataforclientsonuntrustedports.Thebindings

databaseincludesthefollowinginformationforeachentry:

•ClientMACaddress

•ClientIPaddress

•Timewhenclientʹsleaseexpires

•ClientVLANID

•Clientport

DHCPsnooping

createsatentativebindingfromDHCPDISCOVERandREQUESTmessages.

Tentativebindingstieaclienttoaport(theportwheretheDHCPclientmessagewasreceived).

TentativebindingsarecompletedwhenDHCPsnoopinglearnstheclientʹsIPaddressfroma

DHCPACKmessageonatrustedport.DHCP

snoopingremovesbindingsinresponseto

DECLINE,RELEASE,andNACKmessages.TheDHCPsnoopingapplicationignorestheACK

messagessentinreplytotheDHCPInformmessagesreceivedontrustedports.Youcanalso

enterstaticbindingsintothebindingsdatabase.

Whenaswitchlearnsofnewbindingsorwhenit

losesbindings,theswitchimmediatelyupdates

theentriesinthedatabase.

Iftheabsoluteleasetimeofasnoopingdatabaseentryexpires,thenthatentrywillberemoved.

Careshouldbetakentoensurethatsystemtimeisconsistentacrossthereboots.Otherwise,

snoopingentrieswillnotexpireproperly.Ifa

hostsendsaDHCPRELEASEmessagewhilethe

Note: If the switch has been configured as a DHCP relay agent, to forward client requests to a

DHCP server that does not reside on the same broadcast domain as the client, MAC address

verification should be disabled in order to allow DHCP RELEASE packets to be processed by the

DHCP snooping functionality and client bindings removed from the bindings database.

Brand

Enterasys

Model

Enterasys b5 User Manual

Table of Contents

Questions and Answers:

Enterasys b5 Specifications

Brand	Enterasys
Model	b5
Category	Other
Language	English