dhcp snooping bindings database

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Jun 25 2013 11:00AM

Hi Experts,

i have this challenge:

dhcp snooping implemented on 2 vlans, default + voice
dhcp trusted server added for the 2 vlan (same server)
dhcp trusted ports uplink defined.

commands

enable ip-security dhcp-snooping vlan default port 13 violation-action ......
enable ip-security dhcp-snooping vlan voice port 13 violation-action ......

x250e code 12.0.1.11

avaya 1603 phone, first dhcp request on vlan default, with lease duration 1 minute, than 2nd dhcp request on vlan voice

Strange, typing sh ip-security dhcp-snooping entries vlan default or sh ip-security dhcp-snooping entries vlan voice

i dont have any entries, and this i think will be a problem if i'll implement other ip security feature on top of that, that replies on dhcp snooping database.

Any hint?

Andrea
(from Andrea_Gentile)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 25 2013 9:06PM

Hi,

you must also enable dhcp snooping on dhcp server port, for example
if your server is available on port 48:
enable ip-security dhcp-snooping vlan default port 48 violation-action none

--
Jarek

(from Jaroslaw_Kasjaniuk)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 26 2013 8:19AM

Hi,

dhcp server is located in another switch of the eaps rings, so may i add the 2 uplink ports to the dhcp snooping configuration?
even if they are already defined as trust ports ?
(from Andrea_Gentile)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Jun 26 2013 11:17PM

Hi, following EXOS Concepts Guide for Release 15.3:

"You must enable DHCP snooping on both the DHCP server port as well as on the client
port. The latter ensures that DHCP client packets (DHCP Request, DHCP Release etc.) are
processed appropriately."

--
Jarek

(from Jaroslaw_Kasjaniuk)

This conversation is no longer open for comments or replies.