DHCP Snooping
26-20 Configuring Security Features
Configuration Notes
DHCP Server
• When the switch is operating in switch mode, the DHCP server and DHCP clients must be in the same VLAN.
• If the switch is in routing mode (on those platforms that support routing), the DHCP server can be remotely connected to a routing interface, or running locally.
• If the DHCP server is remotely connected, the use of an IP helper address is required and MAC address verification should be disabled (set dhcpsnooping verify mac-address disable).
• The DHCP server must use Scopes in order to provide the IP addresses per VLAN.
• DHCP snooping must be enabled on the interfaces where the DHCP clients are connected, and the interfaces must be untrusted DHCP snooping ports.
• The routing interface that is connected to the DHCP server must be enabled for DHCP snooping and must be a trusted DHCP snooping port.
Default Parameter Values
Table 26-9 DHCP Snooping Default Parameters
Parameter                                    Default Setting
DHCP snooping                                Disabled globally and on all VLANs
Trusted ports                                All ports are untrusted
Source MAC address verification              Enabled
Logging of invalid DHCP messages on ports    Disabled
Rate limit for DHCP packets                  15 packets per second

Procedure 26-6 Basic Configuration for DHCP Snooping
Step  Task
      Command(s)
1.    Enable DHCP snooping globally on the switch.
      set dhcpsnooping enable
2.    Determine where DHCP clients will be connected and enable DHCP snooping on their VLANs.
      set dhcpsnooping vlan vlan-list enable
3.    Determine which ports will be connected to the DHCP server and configure them as trusted ports.
      set dhcpsnooping trust port port-string enable
4.    If desired, enable logging of invalid DHCP messages on specific ports.
      set dhcpsnooping log-invalid port port-string enable
5.    If desired, add static bindings to the database.
      set dhcpsnooping binding mac-address vlan vlan-id ipaddr port port-string
6.    If the switch has been configured as a DHCP relay agent, disable MAC address verification.
      set dhcpsnooping verify mac-address disable
7.    If desired, change the rate limiting values.
      set dhcpsnooping limit port-string {none | rate pps {burst interval secs}}
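The following Python sketch is an added example, not part of the original guide or the vendor's tooling. It checks a saved list of set dhcpsnooping commands against the Configuration Notes and the defaults in Table 26-9. The function names, the "10,20-22" VLAN list syntax, the port strings and the sample configuration are assumptions constructed for illustration, and only the command forms shown in Procedure 26-6 are parsed.

```python
def expand_vlans(vlan_list):
    """Expand e.g. '10,20-22' into {10, 20, 21, 22} (list syntax is an assumption)."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit(config, client_ports, server_ports, client_vlans, relay_agent=False):
    """Return a list of findings; an empty list means the notes are satisfied."""
    enabled, mac_verify = False, True   # defaults from Table 26-9
    vlans, trusted = set(), set()       # default: no VLANs enabled, no trusted ports
    for line in config.splitlines():
        words = line.split()
        if words[:2] != ["set", "dhcpsnooping"]:
            continue
        args = words[2:]
        if args == ["enable"]:
            enabled = True
        elif len(args) == 3 and args[0] == "vlan" and args[2] == "enable":
            vlans |= expand_vlans(args[1])
        elif len(args) == 4 and args[:2] == ["trust", "port"] and args[3] == "enable":
            trusted.add(args[2])
        elif args == ["verify", "mac-address", "disable"]:
            mac_verify = False
    findings = []
    if not enabled:
        findings.append("DHCP snooping is not enabled globally")
    for vlan in sorted(set(client_vlans) - vlans):
        findings.append(f"VLAN {vlan}: DHCP snooping is not enabled")
    for port in sorted(set(client_ports) & trusted):
        findings.append(f"{port}: client port must be untrusted")
    for port in sorted(set(server_ports) - trusted):
        findings.append(f"{port}: DHCP server port must be trusted")
    if relay_agent and mac_verify:
        findings.append("relay agent in use but MAC address verification is enabled")
    return findings


# Constructed sample: clients on ge.1.1 and ge.1.2 in VLANs 10 and 20, server on ge.1.24.
SAMPLE = """\
set dhcpsnooping enable
set dhcpsnooping vlan 10 enable
set dhcpsnooping trust port ge.1.2 enable
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["ge.1.1", "ge.1.2"], ["ge.1.24"], [10, 20], True):
        print(finding)
```

The port roles and client VLANs are supplied by the operator because the commands alone do not say which ports face clients and which face the DHCP server.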