Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted

AOS-CX (10.04) DHCP TRUST ???

AOS-switch has a dhcp-trust function, is there a comparable function in AOS-CX (10.04) ?  If so what/where?

 

--N

 

-----
# Thanks # Gracias # Merci # ありがとう # Danke # Spasiba # 감사합니다 # Toda # Cheers # Dhanyawaad # Ahsante # Xièxiè # shukran #


../smb/air

Accepted Solutions
Highlighted
MVP Guru

Re: AOS-CX (10.04) DHCP TRUST ???

The delivery of this feature was prioritized to 6300/6400/8400.

For roadmap information, please contact your Aruba local counterpart that can follow-up for this request on 8320.

View solution in original post


All Replies
Highlighted
MVP Guru

Re: AOS-CX (10.04) DHCP TRUST ???

Yes, and available much before 10.4:

on interface context:

qos trust dscp

Highlighted

Re: AOS-CX (10.04) DHCP TRUST ???

Vincent:

 

Thanks for taking the time to respond.

 

Looking for DHCP  <<<  trust   (similar to aos-switch)..to stop rogue dhcp servers.

 

I believe qos and igmp and other trusts are not related.

 

Feel free to correct my noobie (mis)understanding.


../smb/air
Highlighted
MVP Guru

Re: AOS-CX (10.04) DHCP TRUST ???

sorry, I miss-read your question... not at all related to QoS trust.

(I was on a QoS topic :-)

 

On interface context:

dhcpv4-snooping trust

Please see the 6300/6400 10.4 IP Services Guide.

https://support.hpe.com/hpsc/doc/public/display?docId=a00091702en_us

Highlighted

Re: AOS-CX (10.04) DHCP TRUST ???

Vincent:

The AOS-CX documentation indicates their are SNOOPING and TRUST parameters now built-in the 10.04 for the 8320 (and other switches).  See my 8320 10.04.0001 context below  (no snooping or trust -- why??):

 

AOSCX-8320(config)# dhcp
dhcp-relay Configure DHCP relay
dhcp-server Configure DHCP server
dhcpv6-relay Configure DHCPv6 relay
dhcpv6-server Configure DHCPv6 server

 

AOSCX-8320(config)# int vlan 555
AOSCX-8320(config-if-vlan)#
active-gateway Configure active gateway for the interface
apply Apply a configuration record
arp Configure ARP commands
bfd Set BFD configuration
description Add an interface description
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
ip IP information
ipv6 IPv6 information
l3-counters Enable Rx and Tx L3 counters
list Print command list
no Negate a command or set its defaults
show Show running system information
shutdown Enable/disable an interface
track Track information
vrf VRF Configuration
vrrp VRRP information
vsx Configure VSX related settings on this interface
vsx-sync Enable VSX config sync for specific interface associations

AOSCX-8320(config)# int 1/1/2
AOSCX-8320(config-if)#
apply Apply a configuration record
arp Configure ARP commands
bfd Set BFD configuration
cdp Configure CDP operating mode
description Add an interface description
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
flow-control Configure flow control
ip IP information
ipv6 IPv6 information
l3-counters Enable Rx and Tx L3 counters
lacp Configure LACP parameters
lag Add the current interface to link aggregation
list Print command list
lldp Configure LLDP parameters
loop-protect Configure loop protection
mtu Configure the MTU for the interface
mvrp Enable the Multiple VLAN Registration Protocol (MVRP)
no Negate a command or set its defaults
qos Quality of Service configuration
rate-limit Apply a rate-limit to a specific traffic type for this port
routing Configure interface as L3
sflow Enable sFlow
show Show running system information
shutdown Enable/disable an interface
spanning-tree Spanning-tree configuration
speed Configure interface speed, duplex, and auto-negotiation
track Track information
udld Enable/Disable Unidirectional Link Detection protocol (UDLD)
vlan VLAN configuration
vrf VRF Configuration
vrrp VRRP information
vsx-sync Enable VSX config sync for specific interface associations


AOSCX-8320(config-if)# ip
address Set IP address
bootp-gateway Interface IP used as source IP for forwarding DHCP
requests
directed-broadcast Configure the IP Directed Broadcast for the interface
forward-protocol Configure a forward-protocol on the interface
helper-address Configure the helper-address for DHCP relay
igmp IGMP Configurations
irdp Configure ICMP Router Discovery Protocol
mtu Configure the IP MTU for the interface
ospf OSPF interface commands
pim-dense Configure the PIM-DM protocol
pim-sparse Configure the PIM-SM protocol
proxy-arp Enable proxy ARP
urpf-check Configure Unicast Reverse Path Forwarding check

 

AOSCX-8320(config)# dhc
dhcp-relay Configure DHCP relay
dhcp-server Configure DHCP server
dhcpv6-relay Configure DHCPv6 relay
dhcpv6-server Configure DHCPv6 server

 

My guess is I need to globally enable SNOOPING but I cannot find the command context.

 

Thanks !!!!


../smb/air
Highlighted

Re: AOS-CX (10.04) DHCP TRUST ???

Additional information from "SHow TECH"

 



AOSCX8320# show tech | beg 20 "dhcpv4-snoop"
4 Tue Nov 5 05:56:43 2019 show sys | incl dhcpv4-snoop
3 Tue Nov 5 05:56:54 2019 show sys | incl snoop
2 Tue Nov 5 05:57:38 2019 show tech | incl dhcpv4-snoop
1 Tue Nov 5 05:59:16 2019 show tech | beg 20 "dhcpv4-snoop"

*********************************
Command : show images
*********************************
---------------------------------------------------------------------------
ArubaOS-CX Primary Image
---------------------------------------------------------------------------
Version : TL.10.04.0001
Size : 371 MB
Date : 2019-10-31 12:33:49 PDT
SHA-256 : cb48266???????d1a4d2

---------------------------------------------------------------------------
ArubaOS-CX Secondary Image
---------------------------------------------------------------------------
Version : TL.10.03.0050
Size : 361 MB
Date : 2019-10-22 07:31:57 PDT
SHA-256 : 6a94????f415ef97cb1191

[Begin] Feature dhcpv4-snooping
====================================================

====================================================
[End] Feature dhcpv4-snooping
====================================================

====================================================
[Begin] Feature dhcpv6-snooping
====================================================

====================================================
[End] Feature dhcpv6-snooping
====================================================

====================================================
[Begin] Feature ip-directed-broadcast
====================================================


../smb/air
Highlighted

Re: AOS-CX (10.04) DHCP TRUST ???


@vincent.giles wrote:

sorry, I miss-read your question... not at all related to QoS trust.

(I was on a QoS topic :-)

 

On interface context:

dhcpv4-snooping trust

Please see the 6300/6400 10.4 IP Services Guide.

https://support.hpe.com/hpsc/doc/public/display?docId=a00091702en_us


The 6300/6400 support TRUST and SNOOPING for DHCP But the 8320/8325 does NOT per the 8320/8325 Documents.

 

Thanks...any  hinys from Aruba??????


../smb/air
Highlighted
MVP Guru

Re: AOS-CX (10.04) DHCP TRUST ???

The delivery of this feature was prioritized to 6300/6400/8400.

For roadmap information, please contact your Aruba local counterpart that can follow-up for this request on 8320.

View solution in original post

Highlighted

Re: AOS-CX (10.04) DHCP TRUST ???


@vincent.giles(Vincent:) wrote:

The delivery of this feature was prioritized to 6300/6400/8400.

For roadmap information, please contact your Aruba local counterpart that can follow-up for this request on 8320.


Editted response from local Aruba sources:

 

"...the feedback we (local ruba reps) have been provided is that Aruba’s stance is that snooping should only be deployed on the edge switches.  The reason being that as an aggregation switch, the tables can get so large that it gets unmanageable, plus it hits the control plane hard..."


../smb/air
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: