From: Mike Hwang (empires@hanaro.com)
Date: Mon May 28 2007 - 21:57:47 ART
Hi~ sebastan
Refer to below information 1, 2 and url.
First you enable to "update arp" within dhcp pool
Second enable "arp authorized" in the interface.
Thanks
Mike
---------
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiad_c
/ch10/hipdhcpa.htm
1. Securing ARP Table Entries to DHCP Leases
Securing ARP Table Entries to DHCP Leases
Perform this task to secure ARP table entries to DHCP leases in the DHCP
database.
When the update arp command is used, ARP table entries and their
corresponding DHCP leases are secured automatically for all new leases and
DHCP bindings. However, existing active leases are not secured. These leases
are still insecure until they are renewed. When the lease is renewed, it is
treated as a new lease and will be secured automatically. If this command is
disabled on the DHCP server, all existing secured ARP table entries will
automatically change to dynamic ARP entries.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip dhcp pool pool-name
4. update arp
2. Configuring DHCP Authorized ARP
Configuring DHCP Authorized ARP
Perform this task to configure DHCP authorized ARP, which disables dynamic
ARP learning on an interface.
ARP Probing Behavior
DHCP authorized ARP has a limitation in supporting accurate one-minute
billing. DHCP authorized ARP probes for authorized users once or twice, 30
seconds apart. In a busy network the possibility of missing reply packets
increases, which can cause a premature log off. If you need a more accurate
and finer control for probing of the authorized user, configure the arp
probe interval command. This command specifies when to start a probe, the
interval between unsuccessful probes, and the maximum number of retries
before triggering an automatic log off.
Restrictions
If both static and authorized ARP are installing the same ARP entry, static
configuration overrides authorized ARP. You can install a static ARP entry
by using the arp global configuration command. You can only remove a
nondynamic ARP entry by the same method in which it was installed.
The ARP timeout period should not be set to less than 30 seconds. The
feature is designed to send out an ARP message every 30 seconds, beginning
90 seconds before the ARP timeout period specified by the arp timeout
command. This behavior allows probing for the client at least three times
before giving up on the client. If the ARP timeout is set to 60 seconds, an
ARP message is sent twice, and if it is set to 30 seconds, an ARP message is
sent once. An ARP timeout period set to less than 30 seconds can yield
unpredictable results.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address ip-address mask
5. arp authorized
6. end
7. show arp
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
sebastan bach
Sent: Tuesday, May 29, 2007 4:02 AM
To: ccielab@groupstudy.com
Subject: problem with dhcp snooping
hi all i have setup dhcp snooping and i have set the trusted port for other
configured as a dhcp server.
dhcp snooping only works and the clients only get ip address from the dhcp
server when
no ip dhcp snooping information option command is set.
without this command dhcp doesn;t work/
can someone pls tell me what does this command do and without this command
why dhcp snooping is not working.
regards
sebastan
This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART