Wired Intelligent Edge

 View Only
last person joined: 16 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

AOS-CX (10.04) DHCP TRUST ???

This thread has been viewed 29 times
  • 1.  AOS-CX (10.04) DHCP TRUST ???

    Posted Nov 05, 2019 04:38 AM

    AOS-switch has a dhcp-trust function, is there a comparable function in AOS-CX (10.04) ?  If so what/where?

     

    --N

     

    -----
    # Thanks # Gracias # Merci # ありがとう # Danke # Spasiba # 감사합니다 # Toda # Cheers # Dhanyawaad # Ahsante # Xièxiè # shukran #


    #8320


  • 2.  RE: AOS-CX (10.04) DHCP TRUST ???

    EMPLOYEE
    Posted Nov 05, 2019 04:46 AM

    Yes, and available much before 10.4:

    on interface context:

    qos trust dscp



  • 3.  RE: AOS-CX (10.04) DHCP TRUST ???

    Posted Nov 05, 2019 04:57 AM

    Vincent:

     

    Thanks for taking the time to respond.

     

    Looking for DHCP  <<<  trust   (similar to aos-switch)..to stop rogue dhcp servers.

     

    I believe qos and igmp and other trusts are not related.

     

    Feel free to correct my noobie (mis)understanding.



  • 4.  RE: AOS-CX (10.04) DHCP TRUST ???

    EMPLOYEE
    Posted Nov 05, 2019 05:31 AM

    sorry, I miss-read your question... not at all related to QoS trust.

    (I was on a QoS topic :-)

     

    On interface context:

    dhcpv4-snooping trust

    Please see the 6300/6400 10.4 IP Services Guide.

    https://support.hpe.com/hpsc/doc/public/display?docId=a00091702en_us



  • 5.  RE: AOS-CX (10.04) DHCP TRUST ???

    Posted Nov 05, 2019 06:56 AM

    Vincent:

    The AOS-CX documentation indicates their are SNOOPING and TRUST parameters now built-in the 10.04 for the 8320 (and other switches).  See my 8320 10.04.0001 context below  (no snooping or trust -- why??):

     

    AOSCX-8320(config)# dhcp
    dhcp-relay Configure DHCP relay
    dhcp-server Configure DHCP server
    dhcpv6-relay Configure DHCPv6 relay
    dhcpv6-server Configure DHCPv6 server

     

    AOSCX-8320(config)# int vlan 555
    AOSCX-8320(config-if-vlan)#
    active-gateway Configure active gateway for the interface
    apply Apply a configuration record
    arp Configure ARP commands
    bfd Set BFD configuration
    description Add an interface description
    end End current mode and change to enable mode
    exit Exit current mode and change to previous mode
    ip IP information
    ipv6 IPv6 information
    l3-counters Enable Rx and Tx L3 counters
    list Print command list
    no Negate a command or set its defaults
    show Show running system information
    shutdown Enable/disable an interface
    track Track information
    vrf VRF Configuration
    vrrp VRRP information
    vsx Configure VSX related settings on this interface
    vsx-sync Enable VSX config sync for specific interface associations

    AOSCX-8320(config)# int 1/1/2
    AOSCX-8320(config-if)#
    apply Apply a configuration record
    arp Configure ARP commands
    bfd Set BFD configuration
    cdp Configure CDP operating mode
    description Add an interface description
    end End current mode and change to enable mode
    exit Exit current mode and change to previous mode
    flow-control Configure flow control
    ip IP information
    ipv6 IPv6 information
    l3-counters Enable Rx and Tx L3 counters
    lacp Configure LACP parameters
    lag Add the current interface to link aggregation
    list Print command list
    lldp Configure LLDP parameters
    loop-protect Configure loop protection
    mtu Configure the MTU for the interface
    mvrp Enable the Multiple VLAN Registration Protocol (MVRP)
    no Negate a command or set its defaults
    qos Quality of Service configuration
    rate-limit Apply a rate-limit to a specific traffic type for this port
    routing Configure interface as L3
    sflow Enable sFlow
    show Show running system information
    shutdown Enable/disable an interface
    spanning-tree Spanning-tree configuration
    speed Configure interface speed, duplex, and auto-negotiation
    track Track information
    udld Enable/Disable Unidirectional Link Detection protocol (UDLD)
    vlan VLAN configuration
    vrf VRF Configuration
    vrrp VRRP information
    vsx-sync Enable VSX config sync for specific interface associations


    AOSCX-8320(config-if)# ip
    address Set IP address
    bootp-gateway Interface IP used as source IP for forwarding DHCP
    requests
    directed-broadcast Configure the IP Directed Broadcast for the interface
    forward-protocol Configure a forward-protocol on the interface
    helper-address Configure the helper-address for DHCP relay
    igmp IGMP Configurations
    irdp Configure ICMP Router Discovery Protocol
    mtu Configure the IP MTU for the interface
    ospf OSPF interface commands
    pim-dense Configure the PIM-DM protocol
    pim-sparse Configure the PIM-SM protocol
    proxy-arp Enable proxy ARP
    urpf-check Configure Unicast Reverse Path Forwarding check

     

    AOSCX-8320(config)# dhc
    dhcp-relay Configure DHCP relay
    dhcp-server Configure DHCP server
    dhcpv6-relay Configure DHCPv6 relay
    dhcpv6-server Configure DHCPv6 server

     

    My guess is I need to globally enable SNOOPING but I cannot find the command context.

     

    Thanks !!!!



  • 6.  RE: AOS-CX (10.04) DHCP TRUST ???
    Best Answer

    EMPLOYEE
    Posted Nov 05, 2019 07:19 AM

    The delivery of this feature was prioritized to 6300/6400/8400.

    For roadmap information, please contact your Aruba local counterpart that can follow-up for this request on 8320.



  • 7.  RE: AOS-CX (10.04) DHCP TRUST ???

    Posted Nov 05, 2019 10:23 AM

    @vincent.giles(Vincent:) wrote:

    The delivery of this feature was prioritized to 6300/6400/8400.

    For roadmap information, please contact your Aruba local counterpart that can follow-up for this request on 8320.


    Editted response from local Aruba sources:

     

    "...the feedback we (local ruba reps) have been provided is that Aruba’s stance is that snooping should only be deployed on the edge switches.  The reason being that as an aggregation switch, the tables can get so large that it gets unmanageable, plus it hits the control plane hard..."



  • 8.  RE: AOS-CX (10.04) DHCP TRUST ???

    Posted Nov 05, 2019 07:04 AM

    Additional information from "SHow TECH"

     



    AOSCX8320# show tech | beg 20 "dhcpv4-snoop"
    4 Tue Nov 5 05:56:43 2019 show sys | incl dhcpv4-snoop
    3 Tue Nov 5 05:56:54 2019 show sys | incl snoop
    2 Tue Nov 5 05:57:38 2019 show tech | incl dhcpv4-snoop
    1 Tue Nov 5 05:59:16 2019 show tech | beg 20 "dhcpv4-snoop"

    *********************************
    Command : show images
    *********************************
    ---------------------------------------------------------------------------
    ArubaOS-CX Primary Image
    ---------------------------------------------------------------------------
    Version : TL.10.04.0001
    Size : 371 MB
    Date : 2019-10-31 12:33:49 PDT
    SHA-256 : cb48266???????d1a4d2

    ---------------------------------------------------------------------------
    ArubaOS-CX Secondary Image
    ---------------------------------------------------------------------------
    Version : TL.10.03.0050
    Size : 361 MB
    Date : 2019-10-22 07:31:57 PDT
    SHA-256 : 6a94????f415ef97cb1191

    [Begin] Feature dhcpv4-snooping
    ====================================================

    ====================================================
    [End] Feature dhcpv4-snooping
    ====================================================

    ====================================================
    [Begin] Feature dhcpv6-snooping
    ====================================================

    ====================================================
    [End] Feature dhcpv6-snooping
    ====================================================

    ====================================================
    [Begin] Feature ip-directed-broadcast
    ====================================================



  • 9.  RE: AOS-CX (10.04) DHCP TRUST ???

    Posted Nov 05, 2019 07:16 AM

    @vincent.giles wrote:

    sorry, I miss-read your question... not at all related to QoS trust.

    (I was on a QoS topic :-)

     

    On interface context:

    dhcpv4-snooping trust

    Please see the 6300/6400 10.4 IP Services Guide.

    https://support.hpe.com/hpsc/doc/public/display?docId=a00091702en_us


    The 6300/6400 support TRUST and SNOOPING for DHCP But the 8320/8325 does NOT per the 8320/8325 Documents.

     

    Thanks...any  hinys from Aruba??????