Wired Intelligent Edge (Campus Switching and Routing)

 View Only
last person joined: 8 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of HPE Aruba Networking switching devices, and find ways to improve security across your network.

How to learn the IP address of the clients connected in switch 

May 12, 2020 02:35 PM

Requirement:

Methods of learning the IP address of clients connected to switch varies in old and new models.

 

New Models - 2540, 2920, 2930, 3810, 5400R

 IP Client Tracker

 

Old Models - 2530,3500,3800,4500 and 5400zl

DHCP Snooping

 



Solution:

By default, the switch does not learn the IP address of the clients. DHCP-snooping and IP client-tracker are the two methods by which switch can learn the IP address of the connected clients. DHCP-snooping option should be enabled globally and cannot be enabled on specific ports, this is applicable for both old and new model switches. 

 

Old Model:

DHCP-snooping should be enabled for switch to learn the IP address of the clients. These switches do not support IP client-tracker option. DHCP-snooping should be on the Client’s VLAN. DHCP-snooping trust configuration must be done on the uplink port of the switch. If the uplink port of the switch has dhcp-snooping untrusted then the DHCP packets would be dropped by the switch.

 

New Model:

New model switches support both DHCP-snooping as well as IP client-tracker option. In order for switch to learn the client's IP any one method can be used. While using the option “ip client-tracker <trusted/untrusted>” should be specified where trusted represents the IP address of authenticated clients and untrusted represents the IP address of Unauthenticated clients.

 

Trusted ---> IP address of Authenticated clients

Untrusted ---> IP address of Unauthenticated clients

 



Configuration:

IP client-tracker configuration:

(Switch)<config># ip client-tracker trusted

(Switch)<config># ip client-tracker untrusted

 

DHCP-Snooping Configuration:

(Switch)<config># dhcp-snooping enable

(Switch)<config># dhcp-snooping vlan 104

(Switch)<config># show dhcp-snooping

 

DHCP Snooping Information

DHCP Snooping : Yes

Enabled Vlans : 104

Verify MAC : Yes

Option 82 untrusted policy : drop

Option 82 Insertion : Yes

Option 82 remote-id : mac

 

(Switch)<config># interface 7 

(Switch)<config># dhcp-snooping trust

 

In case of LACP, following commands should be used:

Interface trk1

     dhcp-snooping trust

     exit

 



Verification

New Model:

Clients connected on interface 6.

(Switch)<config># show port-access clients 

Port Access Client Status

  Port      Client Name       MAC Address            IP Address      User Role         Type     VLAN

 --------    --------------------    ----------------------         ------------------   ----------------      ----------   --------

   6        34e6d7149deb    34e6d7-149deb       10.27.131.176                             MAC      104   

 

Old Model:

Connected Clients on Interface 6 and 8, was able to see that the switch learns the IP of the client.

(Switch)<config># show port-access clients 

 

Port Access Client Status

  Port      Client Name       MAC Address        IP Address      User Role         Type    VLAN

 --------     ------------------      ---------------------      ---------------      -----------------      -------    --------

   6        34e6d7149deb   34e6d7-149deb    10.27.131.176                              MAC   104  

   8        34e6d7210eb6   34e6d7-210eb6    10.27.131.177                              MAC   104

 

(Switch)<config># show dhcp-snooping binding 

 

  MacAddress                         IP                        VLAN       Interface         Time Left

  -------------------                    ---------                  -----------   ---------------       --------------

  34e6d7-149deb          10.27.131.176             104                6                 86259

  34e6d7-210eb6          10.27.131.177             104                8                 86254    

 

DHCP bindings on switch would get listed only when dhcp-snooping is enabled.

 

Statistics
0 Favorited
57 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.