Dhcp snooping and switch stacks – Dell POWEREDGE M1000E User Manual

Page 549

Advertising
background image

22-7

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 22 Configuring DHCP Features and IP Source Guard

Understanding DHCP Features

To keep the bindings when the switch reloads, you must use the DHCP snooping database agent. If the
agent is disabled, dynamic ARP inspection or IP source guard is enabled, and the DHCP snooping
binding database has dynamic bindings, the switch loses its connectivity. If the agent is disabled and
only DHCP snooping is enabled, the switch does not lose its connectivity, but DHCP snooping might
not prevent DHCP spoofing attacks.

When reloading, the switch reads the binding file to build the DHCP snooping binding database. The
switch updates the file when the database changes.

When a switch learns of new bindings or when it loses bindings, the switch immediately updates the
entries in the database. The switch also updates the entries in the binding file. The frequency at which
the file is updated is based on a configurable delay, and the updates are batched. If the file is not updated
in a specified time (set by the write-delay and abort-timeout values), the update stops.

This is the format of the file with bindings:

<initial-checksum>

TYPE DHCP-SNOOPING

VERSION 1

BEGIN

<entry-1> <checksum-1>

<entry-2> <checksum-1-2>

...

...

<entry-n> <checksum-1-2-..-n>

END

Each entry in the file is tagged with a checksum value that the switch uses to verify the entries when it
reads the file. The initial-checksum entry on the first line distinguishes entries associated with the latest
file update from entries associated with a previous file update.

This is an example of a binding file:

2bb4c2a1

TYPE DHCP-SNOOPING

VERSION 1

BEGIN

192.1.168.1 3 0003.47d8.c91f 2BB6488E Gi1/0/4 21ae5fbb

192.1.168.3 3 0003.44d6.c52f 2BB648EB Gi1/0/4 1bdb223f

192.1.168.2 3 0003.47d9.c8f1 2BB648AB Gi1/0/4 584a38f0

END

When the switch starts and the calculated checksum value equals the stored checksum value, the switch
reads entries from the binding file and adds the bindings to its DHCP snooping binding database. The
switch ignores an entry when one of these situations occurs:

The switch reads the entry and the calculated checksum value does not equal the stored checksum
value. The entry and the ones following it are ignored.

An entry has an expired lease time (the switch might not remove a binding entry when the lease time
expires).

The interface in the entry no longer exists on the system.

The interface is a routed interface or a DHCP snooping-trusted interface.

DHCP Snooping and Switch Stacks

DHCP snooping is managed on the stack master. When a new switch joins the stack, the switch receives
the DHCP snooping configuration from the stack master. When a member leaves the stack, all DHCP
snooping address bindings associated with the switch age out.

Advertising
Popular Brands
Popular manuals