dhcp binding + dhcp excluded

  • 1
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hello, all!

Can you, please, give me explanation about DHCP-binding.

User Guide says "The DHCP bindings database contains the IP address, MAC Address, VLAN ID, and port number of the untrusted interface or client."
But as I understand dhcp binding - when we want to give to some client MAC address preconfigured IP address. Or I'm wrong?
If I wrong - how can we bind MAC-IP addresses pairs?

And last question: how can we exclude some addresses from switch DHCP-server?
As I remember - there wasn't so option.
But what we have to do if switch have dhcp-server with pool, for example, 10.0.0.50 - 10.0.0.100, but we have some clients which have static address 10.0.0.70 ???
Photo of Alexandr P

Alexandr P, Embassador

  • 12,042 Points 10k badge 2x thumb

Posted 2 years ago

  • 1
  • 1
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
The DHCP binding database of the switch pertains to DHCP snooping, where the switch records which IP address has been provided to and accepted by what MAC address.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
I don't think this is possible. The "ip-security dhcp-binding" commands pertain to DHCP snooping as far as I know.

You would need to specify an address range that does not include statically assigned addresses.
Photo of Kawawa

Kawawa, GTAC

  • 3,200 Points 3k badge 2x thumb
Photo of Alexandr P

Alexandr P, Embassador

  • 12,042 Points 10k badge 2x thumb
Hi, Kawawa!

I look there. In this section "Configuring DHCP Binding" all clear.

But earlier, in section "DHCP Snooping and Trusted DHCP Server" was write that "The DHCP bindings database contains the IP address, MAC Address, VLAN ID, and port number of the untrusted interface or client." Word untrusted confused me.
Photo of Kawawa

Kawawa, GTAC

  • 3,200 Points 3k badge 2x thumb
Ahh yes, I now follow. My understanding is that all ports are untrusted unless listed as trusted, therefore the switch drops and logs a violation for any DHCP packets arriving from a DHCP server on that port!
Photo of Alexandr P

Alexandr P, Embassador

  • 12,042 Points 10k badge 2x thumb
OK. 
Thank you!
Photo of Kawawa

Kawawa, GTAC

  • 3,200 Points 3k badge 2x thumb
To sum up this thread, the following article outlines some ideas around DHCP Snooping and the DHCP Bindings database: How to configure DHCP Snooping on EXOS
Photo of emanuel

emanuel, Employee

  • 130 Points 100 badge 2x thumb
Interesting article on the knowledge base.
A couple of question:
- Can I read via SNMP the table with the dhcp-snooping entries ?
- I am trying to delete the

configure ip-security dhcp-bindings storage filename dhcpbind.xsf

command from my config but I can not. Any ideas ?

Thanks
Emanuel