Jump to content
Калькуляторы

orion A10 dhcp snooping trust транзит Option82 изменяет dhcp пакеты на trust портах

схема

 

dhcp-server <--10port vlan 11,12,20>  orion A10  <vlan 12,20 9port--26port vlan 12,20>  orion A26 <vlan 12 1port--> dhcp клиент

 

если на A10 просто прогнать влан то клиент получает адрес.

Но,если на a10

create vlan 11,12,20 active

interface port 1
switchport access vlan 11
switchport access egress-allowed vlan remove 1
ip dhcp snooping information option vlan-list 11

!
interface port 9
switchport trunk allowed vlan 12,20
switchport trunk untagged vlan remove 1
switchport mode trunk
ip dhcp snooping trust
!
interface port 10
switchport trunk allowed vlan 11,12,20
switchport trunk untagged vlan remove 1
switchport mode trunk
ip dhcp snooping trust

!
ip dhcp snooping
ip dhcp snooping information option
ip dhcp information option remote-id string 192.168.10.11

То клиент перестаёт получать адрес,

в дебаге на a26


DHCPS PACKET: inserted an option 82(subscriber-id 00:06:00:0C:01:00:00:01 remote
-id 31:39:32:2E:31:36:38:2E:32:30:33:2E:34:32) into this request packet(type:1), new packet length 315
%Jan 18 20:39:30 2006 DHCPS: rcv packet from client e8-11-32-67-38-0b,
 interface Ethernet1/1(portID 0x1000001), length 361,
 type DHCPDISCOVER, opcode BOOTREQUEST, stacking 0

%Jan 18 20:39:30 2006 DHCPS: flood dhcp pkt from Ethernet1/1 dst mac ff-ff-ff-ff-ff-ff
        to all up port except input port Ethernet1/1 in vlan 12
%Jan 18 20:39:30 2006 DHCPS: do binding info from client e8-11-32-67-38-0b,
        interface Ethernet1/1, type DHCPDISCOVER, flag 0
%Jan 18 20:39:31 2006 The value of the segment iph->tot_len 306 is not equal to skb->len 334
%Jan 18 20:39:31 2006 DHCPS:dhcpSnoopingCheckIPUDPheader failed, return (-4)!

При этом в логе дшсп сервера опции именно A26

 

 

Отключаю всё что касаемо DHCP snooping на a10 то на a26 всё ок:

 

DHCPS PACKET: inserted an option 82(subscriber-id 00:06:00:0C:01:00:00:01 remote
-id 31:39:32:2E:31:36:38:2E:32:30:33:2E:34:32) into this request packet(type:1),
new packet length 315
%Jan 18 20:43:04 2006 DHCPS: rcv packet from client e8-11-32-67-38-0b,
        interface Ethernet1/1(portID 0x1000001), length 361,
        type DHCPDISCOVER, opcode BOOTREQUEST, stacking 0
%Jan 18 20:43:04 2006 DHCPS: flood dhcp pkt from Ethernet1/1 dst mac ff-ff-ff-ff
-ff-ff
        to all up port except input port Ethernet1/1 in vlan 12
%Jan 18 20:43:04 2006 DHCPS: do binding info from client e8-11-32-67-38-0b,
        interface Ethernet1/1, type DHCPDISCOVER, flag 0
%Jan 18 20:43:05 2006 DHCPS PACKET: stripped an option 82 from this reply packet
(type:2), new packet length 300
%Jan 18 20:43:05 2006 DHCPS: rcv packet to client e8-11-32-67-38-0b,
        interface Ethernet1/26(portID 0x100001A), length 346,
        type DHCPOFFER, opcode BOOTREPLY, stacking 0
%Jan 18 20:43:05 2006 DHCPS: Get send port Ethernet1/1 for DHCP reply unicast pa
cket
       for dhcp client e8-11-32-67-38-0b in vlan 12

Ну и далее весь процес получения. Клиент получил адрес.

 

С A10 в 1 порту (11 влан) клиент получает адреса.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this