Wired Intelligent Edge (Campus Switching and Routing)

 View Only
last person joined: 8 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of HPE Aruba Networking switching devices, and find ways to improve security across your network.

How to learn the IP address of the clients connected in switch 

May 12, 2020 02:35 PM


Methods of learning the IP address of clients connected to switch varies in old and new models.


New Models - 2540, 2920, 2930, 3810, 5400R

 IP Client Tracker


Old Models - 2530,3500,3800,4500 and 5400zl

DHCP Snooping



By default, the switch does not learn the IP address of the clients. DHCP-snooping and IP client-tracker are the two methods by which switch can learn the IP address of the connected clients. DHCP-snooping option should be enabled globally and cannot be enabled on specific ports, this is applicable for both old and new model switches. 


Old Model:

DHCP-snooping should be enabled for switch to learn the IP address of the clients. These switches do not support IP client-tracker option. DHCP-snooping should be on the Client’s VLAN. DHCP-snooping trust configuration must be done on the uplink port of the switch. If the uplink port of the switch has dhcp-snooping untrusted then the DHCP packets would be dropped by the switch.


New Model:

New model switches support both DHCP-snooping as well as IP client-tracker option. In order for switch to learn the client's IP any one method can be used. While using the option “ip client-tracker <trusted/untrusted>” should be specified where trusted represents the IP address of authenticated clients and untrusted represents the IP address of Unauthenticated clients.


Trusted ---> IP address of Authenticated clients

Untrusted ---> IP address of Unauthenticated clients



IP client-tracker configuration:

(Switch)<config># ip client-tracker trusted

(Switch)<config># ip client-tracker untrusted


DHCP-Snooping Configuration:

(Switch)<config># dhcp-snooping enable

(Switch)<config># dhcp-snooping vlan 104

(Switch)<config># show dhcp-snooping


DHCP Snooping Information

DHCP Snooping : Yes

Enabled Vlans : 104

Verify MAC : Yes

Option 82 untrusted policy : drop

Option 82 Insertion : Yes

Option 82 remote-id : mac


(Switch)<config># interface 7 

(Switch)<config># dhcp-snooping trust


In case of LACP, following commands should be used:

Interface trk1

     dhcp-snooping trust




New Model:

Clients connected on interface 6.

(Switch)<config># show port-access clients 

Port Access Client Status

  Port      Client Name       MAC Address            IP Address      User Role         Type     VLAN

 --------    --------------------    ----------------------         ------------------   ----------------      ----------   --------

   6        34e6d7149deb    34e6d7-149deb                             MAC      104   


Old Model:

Connected Clients on Interface 6 and 8, was able to see that the switch learns the IP of the client.

(Switch)<config># show port-access clients 


Port Access Client Status

  Port      Client Name       MAC Address        IP Address      User Role         Type    VLAN

 --------     ------------------      ---------------------      ---------------      -----------------      -------    --------

   6        34e6d7149deb   34e6d7-149deb                              MAC   104  

   8        34e6d7210eb6   34e6d7-210eb6                              MAC   104


(Switch)<config># show dhcp-snooping binding 


  MacAddress                         IP                        VLAN       Interface         Time Left

  -------------------                    ---------                  -----------   ---------------       --------------

  34e6d7-149deb             104                6                 86259

  34e6d7-210eb6             104                8                 86254    


DHCP bindings on switch would get listed only when dhcp-snooping is enabled.


0 Favorited
0 Files

Related Entries and Links

No Related Resource entered.