User manual / service manual for the Allied Telesis Rapier i Series
C613-16086-00 REV B | www.alliedtelesis.com | AlliedWare™ OS How To | Introduction: It has increasingly become a legal requirement for service providers to identify which of their customers were using a specific IP address at a specific time.
Page 2 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches | Introduction | This document contains the following contents: Introduction ...
Page 3 | DHCP snooping | Related How To Notes: The following How To Note describes DHCP snooping on AT-9900, x900-48 and AT.
Page 4 | DHCP snooping | The database: The switch watches the DHCP packets that it is passing back-and-forth. It also maintains a database that lists the DHCP leases it knows are being held by devices downstream of its ports.
Page 5 | DHCP snooping | List of terms: MAC Address: The MAC address of the snooped DHCP client. IP Address: The IP address that has been allocated to the snooped DHCP client.
Page 6 | DHCP snooping | Trusted and non-trusted ports: The concept of trusted and non-trusted ports is fundamental to the operation of DHCP snooping: Trusted ports connect to a trusted entity in the network, and are under the complete control of the network manager.
Page 7 | DHCP snooping | Completely removing the DHCP snooping database: To completely remove the database, it is necessary to delete the file nvs:bindings.dsn. So the database is empty: Manager > delete fi=nvs:bindings.
Page 8 | DHCP Option 82 | DHCP Relay Agent Information Option 82 is an extension to the Dynamic Host Configuration Protocol (DHCP), and is defined in RFC 3046 and RFC 3993.
Page 9 | DHCP Option 82 | Protocol details: In the DHCP packet, the Option 82 segment is organized as a single DHCP option containing one or more sub-options that convey information known by the relay agent.
Page 10 | DHCP Option 82 | Analysis: The following table provides an analysis of the strings in the above DHCP Request packet ext.
Page 11 | DHCP filtering | The purpose of DHCP filtering is to prevent IP addresses from being falsified or ‘spoofed’. This guarantees that customers cannot avoid detection by spoofing an IP address that was not actually allocated to them.
Page 12 | DHCP filtering | ARP security: It is also possible to enable DHCP snooping ARP security. If enabled this will ensure that ARP packets received on non-trusted ports are only permitted if they originate from an IP address that has been allocated by DHCP.
Page 13 | DHCP filtering | a maximum of 1 3 leases and ports 3 to 8 given 1 lease each. After that, no port could have its leases increased because the filter resource is completely used up.
Page 14 | Configuration examples | This section contains the following examples: "Configuring the .
Page 15 | Configuration examples | add vlan="48" port=24 frame=tagged uplink add vlan="48" port=1-23 This is a layer 2 solution. The IP protocol does not need to be configured.
Page 16 | Configuration examples | create classifier=50 tcpdport=20 create classifier=51 tcpdport=21 create classifier=52 tcpdport=23 create classifier=53 ethformat=ethii prot=0800 Classifiers will be applied in QoS to allow prioritisation or traffic shaping.
Page 17 | Configuration examples | Configuring the switch for DHCP snooping, filtering, and Option 82, when it is acting as a l.
Page 18 | Configuration examples | enable ip add ip int=vlan48 ip=10.11.67.254 mask=255.255.255.0 add ip int=vlan50 ip=10.50.1.254 mask=255.255.255.0 add ip rou=0.0.0.0 mask=0.0.
Page 19 | Configuration examples | create classifier=50 tcpdport=20 create classifier=51 tcpdport=21 create classifier=52 tcpdport=23 create classifier=53 ethformat=ethii prot=0800 Classifiers will be applied in QoS to allow prioritisation or traffic shaping.
Page 20 | Troubleshooting | Use the command enable dhcpsnooping debug=all to get the most verbose level of debugging available. In the following sections, all debugging comes from that command.
Page 21 | Troubleshooting | The DHCP client continually sends requests instead of a discover: This happens when the client is renewing its lease or, for whatever reason, believes that it should be issued a specific address.
Page 22 | Troubleshooting | Increasing the port’s maximum leases will permit multiple clients per port. Switch is dropping ARPs: If you have DHCP snooping in ARP security mode, then unknown clients on untrusted ports will not be able to ARP.
Page 23 | Troubleshooting | You cannot work around dropped ARPs from the DHCP server by statically binding the DHCP server’s IP and MAC address to a port, instead of setting it as trusted.
Page 24 | Troubleshooting | Displaying log entries: The show log command is also very useful: Manager > sh log Date/Time .
Page 25 | Appendix 1: ISC DHCP server | One DHCP server that has been tested against DHCP snooping is ISC DHCP. This is free software with an option of a support contract.
After buying the Allied Telesis Rapier i Series (or even before buying it), the important thing is to read the manual carefully. There are a few simple reasons for this:
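If you have not yet bought the Allied Telesis Rapier i Series, this is a good opportunity to understand the basic information about the product. Start with the first pages of the manual above. They should contain an overview of the technical information for the Allied Telesis Rapier i Series. Check here whether the device meets your needs. By reading the following pages of the Allied Telesis Rapier i Series manual carefully, you can learn about all of the product's functions and how to handle them. The information you obtain about the Allied Telesis Rapier i Series will surely help you make your purchase decision.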
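If you already own the Allied Telesis Rapier i Series but have not yet read the manual, you should do so for the reasons above. Doing so lets you find out whether you are using its functions properly, or whether you risk shortening the life of the Allied Telesis Rapier i Series through improper handling.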
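However, one of the important roles of a user guide is to help solve problems with the Allied Telesis Rapier i Series. In most cases you should find troubleshooting there, that is, advice on the faults and defects most likely to occur with the Allied Telesis Rapier i Series device and how to deal with them. Even if you cannot solve the problem, the manual should give instructions on the next steps, such as contact details for the customer service center or the nearest service center.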