User / maintenance manual for the AT-8700XL Series product by Allied Telesis
C613-16086-00 REV B www.alliedtelesis.com AlliedWare™ OS How To | Introduction It has increasingly become a legal requirement for service providers to identify which of their customers were using a specific IP address at a specific time.
Page 2 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches Introduction This document contains the following contents: Introduction
Page 3 | DHCP snooping Related How To Notes The following How To Note describes DHCP snooping on AT-9900, x900-48 and AT.
Page 4 | DHCP snooping The database The switch watches the DHCP packets that it is passing back-and-forth. It also maintains a database that lists the DHCP leases it knows are being held by devices downstream of its ports.
Page 5 | DHCP snooping List of terms: MAC Address: The MAC address of the snooped DHCP client. IP Address: The IP address that has been allocated to the snooped DHCP client.
Page 6 | DHCP snooping Trusted and non-trusted ports The concept of trusted and non-trusted ports is fundamental to the operation of DHCP snooping: • Trusted ports connect to a trusted entity in the network, and are under the complete control of the network manager.
Page 7 | DHCP snooping Completely removing the DHCP snooping database To completely remove the database, it is necessary to delete the file nvs:bindings.dsn. So the database is empty: Manager > delete fi=nvs:bindings.
Page 8 | DHCP Option 82 DHCP Option 82 DHCP Relay Agent Information Option 82 is an extension to the Dynamic Host Configuration Protocol (DHCP), and is defined in RFC 3046 and RFC 3993.
Page 9 | DHCP Option 82 Protocol details In the DHCP packet, the Option 82 segment is organized as a single DHCP option containing one or more sub-options that convey information known by the relay agent.
Page 10 | DHCP Option 82 Analysis The following table provides an analysis of the strings in the above DHCP Request packet ext.
Page 11 | DHCP filtering DHCP filtering The purpose of DHCP filtering is to prevent IP addresses from being falsified or ‘spoofed’. This guarantees that customers cannot avoid detection by spoofing an IP address that was not actually allocated to them.
Page 12 | DHCP filtering ARP security It is also possible to enable DHCP snooping ARP security. If enabled this will ensure that ARP packets received on non-trusted ports are only permitted if they originate from an IP address that has been allocated by DHCP.
Page 13 | DHCP filtering a maximum of 13 leases and ports 3 to 8 given 1 lease each. After that, no port could have its leases increased because the filter resource is completely used up.
Page 14 | Configuration examples Configuration examples This section contains the following examples: • "Configuring the .
Page 15 | Configuration examples add vlan="48" port=24 frame=tagged uplink add vlan="48" port=1-23 This is a layer 2 solution. The IP protocol does not need to be configured.
Page 16 | Configuration examples create classifier=50 tcpdport=20 create classifier=51 tcpdport=21 create classifier=52 tcpdport=23 create classifier=53 ethformat=ethii prot=0800 Classifiers will be applied in QoS to allow prioritisation or traffic shaping.
Page 17 | Configuration examples Configuring the switch for DHCP snooping, filtering, and Option 82, when it is acting as a l.
Page 18 | Configuration examples enable ip add ip int=vlan48 ip=10.11.67.254 mask=255.255.255.0 add ip int=vlan50 ip=10.50.1.254 mask=255.255.255.0 add ip rou=0.0.0.0 mask=0.0.
Page 19 | Configuration examples create classifier=50 tcpdport=20 create classifier=51 tcpdport=21 create classifier=52 tcpdport=23 create classifier=53 ethformat=ethii prot=0800 Classifiers will be applied in QoS to allow prioritisation or traffic shaping.
Page 20 | Troubleshooting Troubleshooting Use the command enable dhcpsnooping debug=all to get the most verbose level of debugging available. In the following sections, all debugging comes from that command.
Page 21 | Troubleshooting The DHCP client continually sends requests instead of a discover This happens when the client is renewing its lease or, for whatever reason, believes that it should be issued a specific address.
Page 22 | Troubleshooting Increasing the port’s maximum leases will permit multiple clients per port. Switch is dropping ARPs If you have DHCP snooping in ARP security mode, then unknown clients on untrusted ports will not be able to ARP.
Page 23 | Troubleshooting You cannot work around dropped ARPs from the DHCP server by statically binding the DHCP server’s IP and MAC address to a port, instead of setting it as trusted.
Page 24 | Troubleshooting Displaying log entries The show log command is also very useful: Manager > sh log Date/Time .
Page 25 | Appendix 1: ISC DHCP server Appendix 1: ISC DHCP server One DHCP server that has been tested against DHCP snooping is ISC DHCP. This is free software with an option of a support contract.
USA Headquarters | 19800 North Creek Parkway | Suite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895 European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.