dhcp-snooping, switch doesn't insert option 82 information

Alexandr_P
Valued Contributor
Hello, colleagues!

I need to insert option 82 information in DHCP packets.
I tried bootprelay - everything works fine.

With dhcp-snooping, the switch doesn't insert option 82 information.

My config:
enable ip-security dhcp-snooping vlan v74_Users port 16 violation-action none
enable ip-security dhcp-snooping vlan v74_Users port 20 violation-action none
enable ip-security dhcp-snooping vlan v74_Users port 21 violation-action none
enable ip-security dhcp-snooping vlan v74_Users port 26 violation-action none
enable ip-security dhcp-snooping vlan v74_Users port 27 violation-action none
configure trusted-ports 26 trust-for dhcp-server
configure ip-security dhcp-snooping information option
configure ip-security dhcp-snooping information check
configure ip-security dhcp-snooping information circuit-id vlan-information v74 vlan v74_Users
configure ip-security dhcp-snooping information circuit-id vlan-information v75 vlan v75_Users2
configure ip-security dhcp-bindings storage write-interval 1440
configure ip-security dhcp-bindings storage filename bind.txt.xsf
enable ip-security dhcp-bindings restoration

The User Guide says:
When DHCP relay is configured in a DHCP snooping environment, the relay agent IP address should be configured as the trusted server.

"configure trusted-servers {vlan} add server trust-for dhcp-server"

Should I add the IP address of the DHCP server and/or configure the Extreme switch as a trusted server? But I have "configure trusted-ports 26 trust-for dhcp-server".

Any ideas?

Thank you!

21 REPLIES

Alexandr_P
Valued Contributor
Hi, Drew!

I think EXOS works normally. Thinking logically, the first packet (with the client's MAC address) that comes from the client should be taken by the relay agent, which adds option 82; this first packet is the DHCP Discover. Then the DHCP server has to offer an IP address based on the circuit ID information, or do some other manipulation. (In this case we don't consider the security component of dhcp-snooping.)

In this case something is wrong in the documentation.

I'll open a case today and update the information with the case number.

Thank you!

Drew_C
Valued Contributor III
Brandon Clay pointed out to me that RFC3046 states:
A DHCP relay agent adding a Relay Agent Information field SHALL add it as the last option (but before 'End Option' 255, if present) in the DHCP options field of any recognized BOOTP or DHCP packet forwarded from a client to a server.
If that's the case, then there may be something wrong in EXOS that we'd need to look at and fix. Can you please open a ticket and get this reviewed?
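
One way to check a captured DHCPDISCOVER against the RFC 3046 wording quoted above, as an added example that is not part of the thread or of EXOS: it walks the DHCP options field, reports whether option 82 is present, decodes its circuit-id and remote-id sub-options, and checks that it is the last option before End (255). The function names and the sample bytes are assumptions constructed for illustration.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # sub-options defined in RFC 3046

def walk_tlv(data, top_level):
    """Yield (code, value) pairs from a code/length/value byte string.
    Top-level DHCP options treat 0 as padding and 255 as End; sub-options do not."""
    i = 0
    while i < len(data):
        code = data[i]
        if top_level and code == END:
            return
        if top_level and code == PAD:
            i += 1
            continue
        # Reject an option whose length byte is missing or runs past the buffer.
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated option {code} at offset {i}")
        length = data[i + 1]
        yield code, data[i + 2:i + 2 + length]
        i += 2 + length

def check_option82(options):
    """Report presence of option 82, its sub-options, and whether it is last before End."""
    opts = list(walk_tlv(options, top_level=True))
    hits = [value for code, value in opts if code == RELAY_AGENT_INFO]
    if not hits:
        return {"present": False, "is_last": False, "suboptions": {}}
    subs = {SUBOPTION_NAMES.get(c, f"sub-{c}"): v
            for c, v in walk_tlv(hits[0], top_level=False)}
    return {"present": True, "is_last": opts[-1][0] == RELAY_AGENT_INFO, "suboptions": subs}

def opt(code, value):
    """Encode one option or sub-option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed samples: the options field as sent by a client, and as forwarded with option 82 added.
CLIENT_OPTS = opt(53, b"\x01") + opt(55, b"\x01\x03\x06") + bytes([END])
CIRCUIT_ID = b"v74-16"                      # constructed, not the switch's real circuit-id format
REMOTE_ID = b"\x00\x04\x96\x00\x00\x01"     # constructed MAC-style value
RELAYED_OPTS = (CLIENT_OPTS[:-1]
                + opt(RELAY_AGENT_INFO, opt(1, CIRCUIT_ID) + opt(2, REMOTE_ID))
                + bytes([END]))

if __name__ == "__main__":
    for name, blob in (("client", CLIENT_OPTS), ("relayed", RELAYED_OPTS)):
        print(name, check_option82(blob))
```

The input is the options field only, that is, the bytes following the 4-byte magic cookie (63 82 53 63) at offset 236 of the BOOTP payload taken from a capture on the server-facing port.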

Alexandr_P
Valued Contributor
Thank you, Drew!

Drew_C
Valued Contributor III
Thanks for pointing this one out - we'll take a look to see if the wording needs to be updated. Our documentation team has been notified.

Alexandr_P
Valued Contributor
Maybe you are right )))