Dell FCX624-I Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 1351
53-1002266-01
DHCP snooping
39
About client IP-to-MAC address mappings
Client IP addresses need not be on directly-connected networks, as long as the client MAC address
is learned on the client port and the client port is in the same VLAN as the DHCP server port. In this
case, the system will learn the client IP-to-MAC port mapping. Therefore, a VLAN with DHCP
snooping enabled does not require a VE interface.
In earlier releases, in the Layer 3 software image, DHCP snooping does not learn the secure
IP-to-MAC address mapping for a client, if the client port is not a virtual ethernet (VE) interface with
an IP subnet address. In other words, the client IP address had to match one of the subnets of the
client port in order for DHCP to learn the address mapping.
System reboot and the binding database
To allow DAI and DHCP snooping to work smoothly across a system reboot, the binding database is
saved to a file in the system flash memory after an update to the binding database, with a 30
second delay. The flash file is written and read only if DHCP snooping is enabled.
Configuration notes and feature limitations
The following limits and restrictions apply to DHCP snooping:
To run DHCP snooping, you must first enable support for ACL filtering based on VLAN
membership or VE port membership. To do so, enter the following commands at the Global
CONFIG Level of the CLI.
PowerConnect(config)#enable ACL-per-port-per-vlan
PowerConnect(config)#write memory
PowerConnect(config)#exit
PowerConnect#reload
NOTE
You must save the configuration and reload the software to place the change into effect.
DHCP snooping is not supported on trunk ports.
DHCP snooping is not supported together with DHCP Auto-configuration.
A switch can have up to 256 ARP entries, therefore, DHCP entries are limited to 256. A router,
however, can have 64,000 ARP entries, so a router can have up to 64,000 DHCP entries, of
which only 1024 entries can be saved to flash on reboot.
ACLs are supported on member ports of a VLAN on which DHCP snooping and Dynamic ARP
Inspection (DAI) are enabled.
See also “About client IP-to-MAC address mappings” on page 1351.
DHCP snooping supports DHCP relay agent information (DHCP Option 82). For details, refer to
“DHCP relay agent information (DHCP Option 82)” on page 1354.
Configuring DHCP snooping
Configuring DHCP snooping consists of the following steps.