ExtremeSwitching (EXOS)

  • 1.  Limit trusted-servers DHCP per VLAN

    Posted 08-07-2017 07:46
    Hi,

    Was almost reluctant to post this question in fear the answer is likely to be obvious, but I am trying to configure a trusted DHCP server, but I can only see a per VLAN configuration statement (trusted port to one side for now). So my configuration is per below:

    configure trusted-servers vlan Stack2_Data add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan Mgmt-Stack2 add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan Wireless_CorpLaptop add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan Security_NW add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan Power-Bars add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan AV add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan Legacy-Data add server 192.168.200.40 trust-for dhcp-server
    configure trusted-servers vlan Legacy-Wkstns add server 192.168.200.40 trust-for dhcp-server
    When I get to the next line you get the following error:

    Slot-1 STK-02.30 # configure trusted-servers vlan Stack2_Voice add server 192.168.200.40 trust-for dhcp-server
    ERROR: No more than 8 trusted DHCP servers can be configured across all vlans.
    This is because it is seeing each statement as individual DHCP servers even though they all have the same IP?

    So my question is whether there is a different way to put the command in to achieve what I need, considering I would like to eventually configure two trusted DHCP servers, and have over 8 VLANs?

    Perhaps this should just be done via the trusted port method instead, but I suspect something might be wrong with my syntax.

    Running a stack of 4 x X440-G2s with version 22.2.1.5

    Many thanks.


  • 2.  RE: Limit trusted-servers DHCP per VLAN

    Posted 08-07-2017 08:12
    Hi Martin,

    I believe you can use this command instead.
    "configure trusted-ports trust-for dhcp-server"

    Usage Guidelines (for the Trusted-servers) from the command reference guide

    If you configure trusted DHCP server, the switch forwards only DHCP packets from the trusted servers.

    The switch drops DHCP packets from other DHCP snooping-enabled ports.
    You can configure a maximum of eight trusted DHCP servers on the switch.

    If you configure a port as a trusted port, the switch assumes that all DHCP server packets on that port are valid.



  • 3.  RE: Limit trusted-servers DHCP per VLAN

    Posted 08-07-2017 21:58
    Hello Martin,

    Maybe this script could help you.

    How to configure DHCP Snooping on EXOS
    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-DHCP-Snooping-on-EXOS

    Regards,
    Bin



  • 4.  RE: Limit trusted-servers DHCP per VLAN

    Posted 08-07-2017 23:22
    Hi Martin,

    Your syntax looks fine. The error occurred because you configured a trusted DHCP server over more than 8 VLANs.

    Is the reason you are configuring the DHCP server over several VLANs that the trusted DHCP server is connected through an uplink port of this switch, tagged for several VLANs?
    If yes, then you may need to use the "Trusted-port" configuration for the uplink port, as you are already considering.

    If the trusted DHCP server is directly connected to this switch, then I think you can configure only the VLAN where the trusted DHCP server is directly connected as the trusted-servers VLAN.

    Regards,
    David


  • 5.  RE: Limit trusted-servers DHCP per VLAN

    Posted 08-08-2017 08:10
    Thanks guys - that cleared it up for me 🙂
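
An added example, not from the thread or from Extreme's documentation: a Python check that counts `configure trusted-servers` statements in a planned config against the 8-entry limit in the error from post 1. It assumes, as that error suggests, that each VLAN/server statement uses one slot; the second server address 192.168.200.41 and the function names are constructed for illustration.

```python
import re

MAX_SLOTS = 8  # limit quoted in the switch's error message in post 1

# Command form exactly as used in the original post.
CMD = re.compile(
    r"^\s*configure\s+trusted-servers\s+vlan\s+(\S+)\s+add\s+server\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+trust-for\s+dhcp-server\s*$"
)

def build_plan(vlans, servers):
    """Generate the per-VLAN statements for every VLAN/server pair."""
    return "\n".join(
        f"configure trusted-servers vlan {v} add server {s} trust-for dhcp-server"
        for s in servers for v in vlans
    )

def audit(config_text, limit=MAX_SLOTS):
    """Split statements into (accepted, rejected) (vlan, server) lists.

    Assumption taken from the thread: each VLAN/server statement uses one
    slot, even when the same server IP repeats across VLANs.
    """
    accepted, rejected, seen = [], [], set()
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m or m.groups() in seen:   # skip other lines and exact repeats
            continue
        seen.add(m.groups())
        (accepted if len(accepted) < limit else rejected).append(m.groups())
    return accepted, rejected

# VLAN names from post 1; the second server address is constructed.
VLANS = ["Stack2_Data", "Mgmt-Stack2", "Wireless_CorpLaptop", "Security_NW",
         "Power-Bars", "AV", "Legacy-Data", "Legacy-Wkstns", "Stack2_Voice"]

if __name__ == "__main__":
    for servers in (["192.168.200.40"], ["192.168.200.40", "192.168.200.41"]):
        ok, bad = audit(build_plan(VLANS, servers))
        print(f"{len(servers)} server(s): {len(ok)} fit, {len(bad)} rejected")
        for vlan, server in bad:
            print(f"  no slot left: vlan {vlan} server {server}")
```

Any statement reported as rejected is a VLAN that would be left without a trusted server entry, which is the case where the replies above point to the trusted-port method instead.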