Home » Dell Manuals » Hubs & Switches » Dell PowerConnect 6248 » Manual Viewer

Dell PowerConnect 6248 Configuration Guide - Page 173

NSF and DHCP Snooping, If Dynamic ARP Inspection is enabled on the access switch

View all Dell PowerConnect 6248 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 173 highlights

Figure 9-3. NSF and DHCP Snooping Hosts ` ` ` LAG ` ` Hosts DHCP Server If the management unit fails, all hosts connected to that unit lose network access until that unit reboots. The hardware on surviving units continues to enforce source filters IPSG installed prior to the failover. Valid hosts continue to communicate normally. During the failover, the hardware continues to drop data packets from unauthorized hosts so that security is not compromised. If a host is in the middle of an exchange with the DHCP server when the failover occurs, the exchange is interrupted while the control plane restarts. When DHCP snooping is enabled, the hardware traps all DHCP packets to the CPU. The control plane drops these packets during the restart. The DHCP client and server retransmit their DHCP messages until the control plane has resumed operation and messages get through. Thus, DHCP snooping does not miss any new bindings during a failover. As DHCP snooping applies its checkpointed DHCP bindings, IPSG confirms the existence of the bindings with the hardware by reinstalling its source IP address filters. If Dynamic ARP Inspection is enabled on the access switch, the hardware traps ARP packets to the CPU on untrusted ports. During a restart, the control plane drops ARP packets. Thus, new traffic sessions may be briefly delayed until after the control plane restarts. If IPSG is enabled and a DHCP binding is not checkpointed to the backup unit before the failover, that host will not be able to send data packets until it renews its IP address lease with the DHCP server. Utility 173

Section	Page
Configuration Guide	1
Contents	3
About this Document	9
Organization	9
Additional Documentation	10
System Configuration	11
Traceroute	12
CLI Example	12
Configuration Scripting	13
Overview	13
Considerations	13
CLI Examples	14
Outbound Telnet	16
Overview	16
CLI Examples	17
Simple Network Time Protocol (SNTP)	17
Overview	17
CLI Examples	18
Syslog	20
Overview	20
CLI Examples	20
Port Description	22
CLI Example	22
Storm Control	23
CLI Example	23
Cable Diagnostics	25
Copper Port Cable Test	25
Fiber Port Cable Test	27
Switching Configuration	29
Virtual LANs	29
VLAN Configuration Example	30
CLI Examples	31
Web Interface	33
IP Subnet and MAC-Based VLANs	34
CLI Examples	34
Private Edge VLANs	35
CLI Example	36
Voice VLAN	37
Using Voice VLAN	37
Interaction with LLDP-MED	38
IGMP Snooping	40
CLI Examples	40
IGMP Snooping Querier	43
CLI Examples	43
Link Aggregation/Port Channels	45
CLI Example	46
Web Interface Configuration: LAGs/Port-channels	48
Port Mirroring	49
Overview	49
CLI Examples	49
Port Security	50
Overview	50
Operation	50
CLI Examples	51
Link Layer Discovery Protocol	52
CLI Examples	52
Denial of Service Attack Protection	54
Overview	54
CLI Examples	55
DHCP Snooping	56
CLI Examples	59
sFlow	67
Overview	67
sFlow Agents	68
CLI Examples	69
Routing Configuration	73
VLAN Routing	74
CLI Examples	74
Using the Web Interface to Configure VLAN Routing	76
Virtual Router Redundancy Protocol	77
CLI Examples	77
Using the Web Interface to Configure VRRP	79
Proxy Address Resolution Protocol (ARP)	80
Overview	80
CLI Examples	80
OSPF	81
OSPF Concepts and Terms	81
CLI Examples	83
Routing Information Protocol	92
RIP Configuration	92
CLI Examples	93
Using the Web Interface to Configure RIP	94
Route Preferences	95
Assigning Administrative Preferences to Routing Protocols	95
Using Equal Cost Multipath	97
Loopback Interfaces	99
IP Helper	100
CLI Examples	102
Device Security	105
802.1x Network Access Control	106
802.1x Network Access Control Examples	106
802.1X Authentication and VLANs	109
Authenticated and Unauthenticated VLANs	109
Guest VLAN	109
CLI Examples	110
Authentication Server Filter Assignment	111
Access Control Lists (ACLs)	111
Overview	111
MAC ACLs	113
IP ACLs	114
ACL Configuration Process	114
IP ACL CLI Example	115
Configuring a MAC ACL	116
RADIUS	117
RADIUS Configuration Examples	118
TACACS+	120
TACACS+ Configuration Example	120
802.1x MAC Authentication Bypass (MAB)	122
Operation in the Network	122
CLI Examples	123
Captive Portal	125
Overview	125
Functional Description	125
Captive Portal Configuration, Status and Statistics	126
Captive Portal Status	128
Captive Portal Statistics	129
CLI Examples	129
IPv6	135
Overview	135
Interface Configuration	135
CLI Example	136
Quality of Service	139
Class of Service Queuing	139
Ingress Port Configuration	139
Egress Port Configuration—Traffic Shaping	140
Queue configuration	140
Queue Management Type	140
CLI Examples	140
Differentiated Services	143
CLI Example	144
DiffServ for VoIP Configuration Example	146
Multicast	149
Overview	149
When to Enable IP Multicast on the PowerConnect 6200 Series Switch	150
IGMP Configuration	150
CLI Example	150
IGMP Proxy	151
CLI Examples	151
DVMRP	152
CLI Example	153
PIM	154
PIM-SM	154
PIM-DM	155
Multicast Routing and IGMP Snooping	157
Utility	161
Auto Config	162
Overview	162
Functional Description	162
CLI Examples	167
Nonstop Forwarding on a Switch Stack	168
Initiating a Failover	168
Checkpointing	168
Switch Stack MAC Addressing and Stack Design Considerations	170
NSF Network Design Considerations	170
NSF Default Behavior	170

Match case Limit results 1 per page

Utility

173

Figure 9-3.

NSF and DHCP Snooping

If the management unit fails, all hosts connected to that unit lose network access until that unit reboots.

The hardware on surviving units continues to enforce source filters IPSG installed prior to the failover.

Valid hosts continue to communicate normally. During the failover, the hardware continues to drop data

packets from unauthorized hosts so that security is not compromised.

If a host is in the middle of an exchange with the DHCP server when the failover occurs, the exchange is

interrupted while the control plane restarts. When DHCP snooping is enabled, the hardware traps all

DHCP packets to the CPU. The control plane drops these packets during the restart. The DHCP client

and server retransmit their DHCP messages until the control plane has resumed operation and messages

get through. Thus, DHCP snooping does not miss any new bindings during a failover.

As DHCP snooping applies its checkpointed DHCP bindings, IPSG confirms the existence of the

bindings with the hardware by reinstalling its source IP address filters.

If Dynamic ARP Inspection is enabled on the access switch, the hardware traps ARP packets to the CPU

on untrusted ports. During a restart, the control plane drops ARP packets. Thus, new traffic sessions may

be briefly delayed until after the control plane restarts.

If IPSG is enabled and a DHCP binding is not checkpointed to the backup unit before the failover, that

host will not be able to send data packets until it renews its IP address lease with the DHCP server.

DHCP Server

LAG

Hosts