Home » Dell Manuals » Hubs & Switches » Dell PowerConnect M6220 » Manual Viewer

Dell PowerConnect M6220 User's Guide - Page 397

DHCP Snooping, Dropped, Switching

View all Dell PowerConnect M6220 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 397 highlights

• Dropped - The number of not valid ARP packets dropped by DAI. Configuring Dynamic ARP Inspection With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • Dynamic ARP Inspection Commands DHCP Snooping DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers to filter harmful DHCP messages and to build a bindings database of MAC address, IP address, VLAN ID, and port tuples that are considered authorized. You can enable DHCP snooping globally, perinterface, and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports. DHCP snooping enforces the following security rules: • DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) are dropped if received on an untrusted port. • DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the snooping database, but the binding's interface is other than the interface where the message was received. • On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match the client hardware address. This feature is a configurable option. The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP snooping is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of a VLAN where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP packets to the CPU. On trusted ports, the hardware forwards client messages and copies server messages to the CPU so that DHCP snooping can learn the binding. Table 7-3. DHCP Snooping Trusted Port Destination UDP Port 67 (from client) Forward in hardware Untrusted Port Trap to CPU (enforcement) Destination UDP Port 68 (from server) Copy to CPU (Complete the tentative binding for a given DHCP client, based on the MAC address.) Trap to CPU (error logging) To display the DHCP Snooping page, click Switching > DHCP Snooping in the tree view. The DHCP Snooping menu page contains links to the following features: • DHCP Snooping Configuration • DHCP Snooping Interface Configuration • DHCP Snooping VLAN Configuration Configuring Switching Information 395

Section	Page
User’s Guide	1
Introduction	17
Switching Features	20
Port-Based Features	22
Spanning Tree Protocol Features	25
IPv6	30
OSPFv3	31
Quality of Service Features	31
Multicast Features	32
CLI Documentation	34
Using Dell™ OpenManage™ Switch Administrator	35
Understanding the Interface	37
Check Boxes	43
Defining Fields	43
Accessing the Switch Through the CLI	43
Console Connection	44
Using the CLI	44
Cable and Port Information	47
Overview	47
Power Connection	50
Hardware Description	51
Overview	51
PowerConnect Front Panel	52
Console (RS-232) Port	55
Configuring Dell™ PowerConnect™	65
Overview	65
Starting the CLI	66
General Configuration Information	68
Baud Rate	68
Booting the Switch	69
Configuration Overview	75
Advanced Configuration	80
Boot Menu Functions	89
Delete Backup Image	93
Activate Backup Image	94
Sample Configuration Process	95
Switch Setup Requirements	95
Configuring System Information	105
Overview	105
Managing Logs	124
Setting the Operational Mode	132
Defining IP Addressing	134
Out of Band Interface	135
Running Cable Diagnostics	145
Managing Device Security	149
Captive Portal	188
Defining SNMP Parameters	209
File Management	231
Defining Advanced Settings	238
Defining Stacking	240
sFlow	247
Industry Standard Discovery Protocol	255
Configuring Switching Information	261
Overview	261
Configuring Ports	287
Configuring Traffic Mirroring	298
Configuring Address Tables	302
Configuring GARP	307
Configuring the Spanning Tree Protocol	310
Configuring VLANs	324
Configuring Voice VLAN	347
Aggregating Ports	349
Managing Multicast Support	355
IGMP Snooping	362
MRouter Status	371
MLD Snooping	372
Configuring the Link Layer Discovery Protocol (LLDP)	379
Creating Link Dependencies	386
Dynamic ARP Inspection	389
DHCP Snooping	397
DHCP Relay	410
Using the Port Aggregator Feature	416
Viewing Statistics and Remote Monitoring	423
Overview	423
Table Views	424
RMON	433
Charts	448
Configuring Routing	453
Overview	453
IP	458
OSPF	465
BOOTP/DHCP Relay Agent	499
IP Helper	502
RIP	509
Router Discovery	520
Router	523
VLAN Routing	533
VRRP	536
Tunnels	546
Loopbacks	551
Configuring IPv6	559
Overview	559
Global Configuration	560
Interface Configuration	561
Interface Summary	564
IPv6 Statistics	565
IPv6 Neighbor Table	570
DHCPv6	571
OSPFv3	586
IPv6 Routes	616
Configuring Quality of Service	623
Quality of Service Overview	623
Configuring Differentiated Services	624
Class of Service	641
Auto VoIP	650
Configuring IP Multicast	653
Overview	653
Multicast Listener Discovery	666
Distance Vector Multicast Routing Protocol	679
Internet Group Management Protocol	688
Protocol Independent Multicast-Dense Mode	703
Protocol Independent Multicast-Sparse Mode	716
Getting Help	731
Dell Enterprise Training and Certification	733
Problems With Your Order	733
Product Information	734
Returning Items for Warranty Repair or Credit	734
Before You Call	734

Match case Limit results 1 per page

Configuring Switching Information

395

•

Dropped

— The number of not valid ARP packets dropped by DAI.

Configuring Dynamic ARP Inspection With CLI Commands

For information about the CLI commands that perform this function, refer to the following chapter in

the

CLI Reference Guide

•

Dynamic ARP Inspection Commands

DHCP Snooping

DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP

servers to filter harmful DHCP messages and to build a bindings database of MAC address, IP address,

VLAN ID, and port tuples that are considered authorized. You can enable DHCP snooping globally, per-

interface, and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted.

DHCP servers must be reached through trusted ports.

DHCP snooping enforces the following security rules:

•

DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK,

DHCPRELEASEQUERY) are dropped if received on an untrusted port.

•

DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the snooping

database, but the binding’s interface is other than the interface where the message was received.

•

On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match

the client hardware address. This feature is a configurable option.

The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP

snooping is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of

a VLAN where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP

packets to the CPU. On trusted ports, the hardware forwards client messages and copies server messages

to the CPU so that DHCP snooping can learn the binding.

To display the

DHCP Snooping

page, click

Switching

DHCP Snooping

in the tree view.

The

DHCP Snooping

menu page contains links to the following features:

•

DHCP Snooping Configuration

•

DHCP Snooping Interface Configuration

•

DHCP Snooping VLAN Configuration

Table 7-3.

DHCP Snooping

Destination UDP Port 67 (from client)

Destination UDP Port 68 (from server)

Trusted Port

Forward in hardware

Copy to CPU (Complete the tentative binding for a

given DHCP client, based on the MAC address.)

Untrusted Port

Trap to CPU (enforcement)

Trap to CPU (error logging)