ExtremeSwitching (EXOS)


EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

  • 1.  EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

    Posted 05-08-2018 07:01

    Hi,
    Hardware is X450G2, Firmware 22.4.1.4.
    I'd like to configure "ip-security dhcp-snooping" on a Layer2 Access Switch for a few VLANs. How do I configure the Uplink Ports to the Layer3 Core Switch where the VLAN IP Interface resides?

    For example, if 1:28 is the interswitch link between Access and Core (Uplink), do I only have to configure
    "configure trusted-ports 1:28 trust-for dhcp-server"
    and that's it for all VLANs?
    Or is it necessary to additionally configure
    "enable ip-security dhcp-snooping vlan VLAN10 port 1:28 violation-action none"
    "enable ip-security dhcp-snooping vlan VLAN11 port 1:28 violation-action none"
    "enable ip-security dhcp-snooping vlan VLAN15 port 1:28 violation-action none"
    for every VLAN where DHCP Snooping is enabled?

    I'm asking due to https://extremeportal.force.com/ExtrArticleDetail?an=000080865
    NOTE: Please ensure that ip-security dhcp-snooping is enabled on the port where the DHCP traffic is expected to ingress / egress the switch and ensure that the violation-action is set to none

    Thanks,
    Marcus



  • 2.  RE: EXOS - Configure IP-Security DHCP-Snooping Trusted Ports

    Posted 10-01-2018 14:59
    The following is my understanding of what is needed. I am looking for confirmation of that though.

    #Enable dhcp-snooping and configure the desired action for each VLAN

    enable ip-security dhcp-snooping vlan black ports all violation-action drop-packet block-mac permanently

    #Configure upstream ports as trusted for dhcp

    configure trusted-ports 1:49,2:49 trust-for dhcp-server
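
An added example, not part of either post or of Extreme's documentation: a Python audit that cross-references the two commands discussed in this thread over a saved configuration and shows, per VLAN, what each trusted port's snooping state is. The sample config is constructed from the commands quoted above; slot:port notation, same-slot ranges and last-command-wins ordering are assumptions, and the script only reports the overlap, it does not decide which setup the switch requires.

```python
import re

# Constructed sample, assembled from the commands quoted in this thread.
SAMPLE = """\
enable ip-security dhcp-snooping vlan black ports all violation-action drop-packet block-mac permanently
enable ip-security dhcp-snooping vlan VLAN10 port 1:28 violation-action none
enable ip-security dhcp-snooping vlan VLAN11 ports 1:1-1:3 violation-action drop-packet
configure trusted-ports 1:28,1:49,2:49 trust-for dhcp-server
"""

# Accepts both "port" and "ports", since the thread uses both spellings.
SNOOP = re.compile(r"enable ip-security dhcp-snooping (?:vlan )?(\S+) ports? (\S+) violation-action (.+)")
TRUST = re.compile(r"configure trusted-ports (\S+) trust-for dhcp-server")

def expand(spec):
    """Expand '1:1-1:3,2:49' into a set of slot:port strings (ranges stay within one slot)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        slot, first = lo.split(":")
        last = hi.split(":")[-1] if hi else first
        ports.update(f"{slot}:{n}" for n in range(int(first), int(last) + 1))
    return ports

def audit(config):
    """Map (vlan, trusted_port) -> 'none-action', 'enforced:<action>' or 'not-enabled'."""
    trusted, rules = set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := TRUST.fullmatch(line):
            trusted |= expand(m.group(1))
        elif m := SNOOP.fullmatch(line):
            vlan, spec, action = m.groups()
            rules.append((vlan, None if spec == "all" else expand(spec), action.strip()))
    # Start from "snooping not enabled on this trusted port" for every snooped VLAN.
    report = {(vlan, port): "not-enabled" for vlan, _, _ in rules for port in trusted}
    for vlan, ports, action in rules:  # assumption: a later command overrides an earlier one
        for port in trusted:
            if ports is None or port in ports:
                report[(vlan, port)] = "none-action" if action == "none" else f"enforced:{action}"
    return report

if __name__ == "__main__":
    for (vlan, port), state in sorted(audit(SAMPLE).items()):
        print(f"{vlan:8} {port:6} {state}")
```

Rows marked `enforced:` or `not-enabled` are the trusted-port and VLAN combinations to compare against the knowledge-base note quoted in the first post.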