Allied Telesis Rapier i Series Switch User Manual


 
Page 12 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches
DHCP filtering
ARP security
It is also possible to enable DHCP snooping ARP security. If enabled, this ensures that ARP
packets received on non-trusted ports are only permitted if they originate from an IP address
that has been allocated by DHCP.
To enable DHCP snooping ARP security:
enable dhcpsnooping arpsecurity
DHCP snooping filter show command
To see what addresses have been inserted into filters using DHCP snooping classifiers, use
the command show dhcpsnooping filter:
List of terms:
The FlowID refers to the associated QoS FlowGroup.
The EntryID refers to the associated entry in the DHCP snooping database.
The ClassID refers to the dynamically created classifier entry.
Resource considerations
Because of the potential for classifier replication, you need to be cautious about running out
of classifier resource. Some resource calculations are provided below.
When configuring DHCP classifiers it is possible to run out of classifier resource, especially
when using QoS and hardware filter classifiers as well.
When DHCP snooping is enabled on an AT-8600, AT-8800, AT-8700XL, Rapier or Rapier i
series switch, it will reserve only one blocking rule for each port (unlike on AT-9900 and
x900 series switches). Each block of eight ports, starting from ports 1 to 8, share 127
available entries in the filter resource. Eight entries are immediately used by blocking rules
and so the actual number of available leases is 119 over eight ports.
Because 119 entries must be shared between eight ports, the average maximum number of
leases per port is 14. However, port 1 could be given a maximum of 100 leases, port 2 given
Manager > show dhcpsnooping filter
DHCPSnooping ACL ( 150 entries )
ClassID  FlowID  Port  EntryID  IP Address/Port/Mac
----------------------------------------------------------------------
60161    0       16    3        10.11.67.50/16/00-03-47-6b-a5-7a
61161    0       16    3        10.11.67.50/16/00-03-47-6b-a5-7a
62161    0       16    3        10.11.67.50/16/00-03-47-6b-a5-7a
...
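An added example (not from the Allied Telesis manual) that applies the figures under "Resource considerations" to output in the layout of show dhcpsnooping filter: it counts distinct leases per eight-port block against the 119-lease budget. It assumes one lease per EntryID; the rows for ports 9 and 2 are constructed sample data, and the function names are illustrative.

```python
import re
from collections import defaultdict

PORTS_PER_BLOCK = 8      # page: filter resource is shared per block of eight ports
ENTRIES_PER_BLOCK = 127  # page: available entries per block
LEASE_BUDGET = ENTRIES_PER_BLOCK - PORTS_PER_BLOCK  # 119: one blocking rule per port

# Sample in the page's column layout; the last two rows are constructed.
SAMPLE = """\
DHCPSnooping ACL ( 150 entries )
ClassID FlowID Port EntryID IP Address/Port/Mac
----------------------------------------------------------------------
60161 0 16 3 10.11.67.50/16/00-03-47-6b-a5-7a
61161 0 16 3 10.11.67.50/16/00-03-47-6b-a5-7a
62161 0 16 3 10.11.67.50/16/00-03-47-6b-a5-7a
60162 0 9 4 10.11.67.51/9/00-03-47-6b-a5-7b
60163 0 2 5 10.11.67.52/2/00-03-47-6b-a5-7c
"""

# ClassID FlowID Port EntryID IP/Port/MAC
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)/(\d+)/([0-9A-Fa-f-]{17})\s*$")

def block_of(port):
    """Return (first_port, last_port) of the eight-port block holding `port`."""
    first = (port - 1) // PORTS_PER_BLOCK * PORTS_PER_BLOCK + 1
    return first, first + PORTS_PER_BLOCK - 1

def summarise(text):
    """Tally distinct leases and classifier rows per eight-port block."""
    leases, rows = defaultdict(set), defaultdict(int)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, ruler or "..." line
        port, entry_id = int(m.group(3)), int(m.group(4))
        blk = block_of(port)
        leases[blk].add(entry_id)  # assumption: one lease per EntryID
        rows[blk] += 1             # replicated classifiers show up as extra rows
    return {blk: {"leases": len(leases[blk]),
                  "classifier_rows": rows[blk],
                  "leases_left": LEASE_BUDGET - len(leases[blk])}
            for blk in sorted(leases)}

if __name__ == "__main__":
    for (lo, hi), stats in summarise(SAMPLE).items():
        print(f"ports {lo}-{hi}: {stats}")
```

A block whose classifier_rows is well above its leases count is showing the classifier replication the manual warns about; this sketch reports it but does not charge it against the budget.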