beautypg.com

Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1429

background image

DHCP Snooping Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

55.7

Table 55-1: DHCP filtering on the switch

When the switch ...

And ...

Then the switch ...

DHCP packets

Receives a DHCP
BOOTP packet on a
trusted port

Forwards the DHCP packet.

The packet contains a valid IP address lease
for a client, and the maximum number of
leases for the client port has not been
reached.

Adds or updates a lease entry in the
DHCP snooping database.

The maximum number of leases for the client
port has been reached.

Drops the DHCP packet, generates a
log message for the violation,
generates an SNMP notification
(trap), and does not add a lease entry
to the database.

A lease entry in the
DHCP snooping
database expires

Removes the expired entry from the
database.

Receives a DHCP
BOOTP request packet
on an untrusted port

The source MAC address and client hardware
address do not match.

Drops the packet, generates a log
message for the violation, and sends
an SNMP notification (trap).

Receives a DHCP
BOOTP request packet
on an untrusted port

The packet contains DHCP Relay Agent
Option 82 info.

Drops the DHCP packet, generates a
log message for the violation, and
sends an SNMP notification (trap).

Receives a DHCP
BOOTP reply packet on
an untrusted port

Drops the DHCP packet, generates a
log message for the violation, and
sends an SNMP notification (trap).

IP packets

Receives an IP packet
on a trusted port

Forwards the IP packet.

Receives an IP packet
on an untrusted port

Its source MAC address, IP address, and
receiving port match a valid lease entry in the
DHCP snooping database.

Forwards the IP packet.

Receives an IP packet
on an untrusted port

Its source MAC address, IP address, and
receiving port do not match a valid lease
entry in the DHCP snooping database.

Drops the packet.
Does not generate a log message or
an SNMP notification.

ARP packets

Receives an ARP
request on a trusted
port

Forwards the ARP packet.

Receives an ARP
request on an
untrusted port

Its source MAC address, IP address, and
receiving port match a valid entry in the DHCP
snooping database

Forwards the ARP packet.

Receives an ARP
request on an
untrusted port

Its source MAC address, IP address, and
receiving port do not match an entry in the
DHCP snooping database

Drops the packet, generates a log
message for the violation, and sends
an SNMP notification (trap).

See also other documents in the category Allied Telesis Computer hardware: