NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Licensing Requirements and Limitations for DHCP Snooping--S2F

Licensing Requirements

This feature is a basic feature and is not under license control.

Restrictions and Guidelines

Restriction: ARP aging detection for DHCP snooping entries applies only to Layer 3 networking. The binding table generated in Layer 2 networking does not support ARP aging detection.
Guideline: Do not configure ARP aging detection for DHCP snooping entries in Layer 2 networking.
Impact: DHCP snooping entries in Layer 2 networking go offline only after their leases expire; taking entries offline through ARP aging detection is not supported.

Restriction: After a BD is bound to a VSI, DHCP snooping in the BD does not support client access from the network side (the PW side).
Guideline: Plan the network properly. Do not deploy DHCP snooping when clients access the network from the PW side.
Impact: Users accessing the network from the PW side fail to go online.

Restriction: After a BD is bound to a VSI, the VBDIF interface is configured and the DHCP relay function is applied on the VBDIF interface. In this case, if clients access from the network side (the PW side), the DHCP snooping function cannot be configured.
Guideline: Plan the network properly. Do not deploy DHCP snooping when clients access the network from the PW side.
Impact: Users accessing the network from the PW side fail to go online.

Restriction: After strict MAC check is enabled for DHCP snooping, one IP address in a broadcast domain can be bound to only one unique MAC address. If different MAC addresses apply for the same IP address in sequence, the later ones are considered invalid, and the corresponding users are not allowed to go online.
Guideline: Plan properly.
Impact: When an STB functions as an access DHCP client, the MAC address of the client may change during an STB replacement after the client has applied to the DHCP server for an IP address. If strict MAC check is enabled for DHCP snooping in this case, the new client (new MAC) cannot go online before the old MAC ages out.

Restriction: DHCP snooping can be configured in either of the following VPLS scenarios:

1. In scenarios where the DHCP client and DHCP server connect to the local AC interface: Enable DHCP snooping on the AC sub-interface connected to the DHCP client. Enable DHCP snooping on the AC sub-interface connected to the DHCP server, and configure the AC sub-interface as a trusted interface.

2. In scenarios where the DHCP client connects to the local AC interface and the DHCP server is deployed on a remote device through a VPLS tunnel: Enable DHCP snooping on the AC sub-interface connected to the DHCP client. Enable DHCP snooping on the VPLS tunnel public network interface, and configure the interface as a trusted interface. Alternatively, enable DHCP snooping on the AC sub-interface connected to the DHCP client, and enable the network-side interface to send DHCP reply packets to the CPU in the VSI that houses the AC sub-interface.

Guideline: Plan the network properly.
Impact: Services will be interrupted, and the traffic will be blocked.

Restriction: DHCP snooping is supported only on global-VE sub-interfaces and VE sub-interfaces configured with the l3-access attribute and must work with DHCP relay. Enable both DHCP relay and DHCP snooping on sub-interfaces configured with the l3-access attribute.
Guideline: Plan the network properly.
Impact: Services will be interrupted, and the traffic will be blocked.

Restriction: On a Layer 2 network, DHCP snooping can be deployed between a DHCP client and a DHCP relay, but cannot be deployed between a DHCP relay and a DHCP server.
Guideline: Plan configurations properly.
Impact: Services will be interrupted and the traffic will be blocked.

Restriction: On a Layer 3 network, DHCP snooping can only be enabled on a DHCP relay-enabled interface.
Guideline: Plan configurations properly.
Impact: Services will be interrupted and the traffic will be blocked.
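
The strict MAC check restriction above can be modelled in a few lines. The following Python sketch is an added illustration, not Huawei code: the class, method and scenario names are hypothetical, the addresses are constructed, and entries age out purely on lease expiry (the Layer 2 behaviour described in the first restriction).

```python
"""Toy model of a DHCP snooping binding table with strict MAC check.

Added illustration only; names are hypothetical and values are constructed.
"""
from dataclasses import dataclass


@dataclass
class Binding:
    mac: str
    expires_at: int  # seconds on a simulated clock


class SnoopingTable:
    def __init__(self, strict_mac_check: bool = True):
        self.strict = strict_mac_check
        self.entries = {}  # (broadcast_domain, ip) -> Binding

    def age_out(self, now: int) -> None:
        """Drop bindings whose lease has expired (no ARP aging in this model)."""
        self.entries = {k: b for k, b in self.entries.items() if b.expires_at > now}

    def on_dhcp_ack(self, domain: str, ip: str, mac: str, lease: int, now: int) -> bool:
        """Return True if the client may go online, False if it is rejected."""
        self.age_out(now)
        current = self.entries.get((domain, ip))
        if self.strict and current is not None and current.mac != mac:
            return False  # IP is still bound to another MAC in this domain
        # Assumption of this model: without strict check the binding is replaced.
        self.entries[(domain, ip)] = Binding(mac, now + lease)
        return True


def stb_replacement(strict: bool) -> list:
    """Constructed scenario: an STB is swapped while its old lease is live."""
    table = SnoopingTable(strict_mac_check=strict)
    old_mac, new_mac = "00:e0:fc:00:00:01", "00:e0:fc:00:00:02"  # constructed
    return [
        table.on_dhcp_ack("bd10", "192.0.2.50", old_mac, lease=3600, now=0),
        table.on_dhcp_ack("bd10", "192.0.2.50", new_mac, lease=3600, now=600),
        table.on_dhcp_ack("bd10", "192.0.2.50", new_mac, lease=3600, now=3600),
    ]


if __name__ == "__main__":
    print("strict on :", stb_replacement(True))
    print("strict off:", stb_replacement(False))
```

With strict check on, the replacement STB is refused at t=600 and admitted only once the old binding's lease has run out at t=3600, which is the outage window to account for when planning lease times.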

Updated: 2019-01-02

Document ID: EDOC1100055397
