Hi all,
I'm about to implement some LAN protection measures, like dhcp-snooping and arp-protection.
I have some questions about the behaviour and log-messages of both.
Switches:
- 5406zl with uplink to 3500yl and downlink to 5406zl
  - Uplink and downlink are trusted for arp
  - Uplink is trusted for DHCP-snooping
- 5406zl with uplink to 5406zl
  - Uplink is trusted for arp
  - Uplink is trusted for DHCP-snooping
ARP-protection
If a port is “arp-protected”
1. A pc/server with a fixed IP-address gets its connection refused. Ping results in:
I 07/22/10 09:22:45 00912 arp-protect: Ceasing bad binding ARP logs for 1m
I 07/22/10 09:22:45 00911 arp-protect: Deny ARP Reply ‘mac’, ‘ip’ port E11, vlan 194
I 07/22/10 09:22:45 00911 arp-protect: Deny ARP Reply ‘mac’, ‘ip’ port E11, vlan 194
2. A pc with a DHCP-address works fine
DHCP-snooping
If authorized DHCP-servers are configured:
1. If a non authorized DHCP-server is connected on a local port (trusted arp-protect port)
The next log appears:
I 07/23/10 08:32:10 00912 arp-protect: Ceasing bad binding ARP logs for 1m
I 07/23/10 08:32:10 00911 arp-protect: Deny ARP Req ‘mac’,0.0.0.0 port C20, vlan 194
I 07/23/10 08:32:09 00911 arp-protect: Deny ARP Req ‘mac’,0.0.0.0 port C20, vlan 194
2. If a non authorized DHCP-server is connected to an uplink switch
W 07/23/10 09:32:22 00855 dhcp-snoop: backplane: Ceasing unauthorized server logs for 5m
W 07/23/10 09:32:22 00854 dhcp-snoop: backplane: Unauthorized server ‘ip’ 2 detected on port E1
3. In both cases no log message appears on the downlink switch
Is this as it should work/log?
Thanx Jaap
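As an added example (not part of the original post), here is a small Python parser for the ProCurve log lines quoted above, useful when these switches forward syslog to a collector. The sample MAC/IP values are constructed, the wrapped dhcp-snoop lines are rejoined, and the "Ceasing ... logs for Nm" messages are treated as suppression windows, since the switch stops logging repeats of that event for the stated period.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the ProCurve syslog format quoted in the post;
# the MAC/IP values are made up and the wrapped dhcp-snoop lines are rejoined.
SAMPLE_LOG = [
    "I 07/22/10 09:22:45 00912 arp-protect: Ceasing bad binding ARP logs for 1m",
    "I 07/22/10 09:22:45 00911 arp-protect: Deny ARP Reply 00:11:22:33:44:55, 10.0.194.50 port E11, vlan 194",
    "I 07/23/10 08:32:10 00911 arp-protect: Deny ARP Req 00:11:22:33:44:66,0.0.0.0 port C20, vlan 194",
    "W 07/23/10 09:32:22 00855 dhcp-snoop: backplane: Ceasing unauthorized server logs for 5m",
    "W 07/23/10 09:32:22 00854 dhcp-snoop: backplane: Unauthorized server 10.0.194.2 detected on port E1",
]

# Common header: severity letter, date, time, 5-digit event id, subsystem, message.
HEADER = re.compile(
    r"^(?P<sev>[A-Z]) (?P<date>\d\d/\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<event>\d{5}) (?P<subsys>[a-z-]+): (?P<msg>.*)$"
)
ARP_DENY = re.compile(
    r"Deny ARP (?P<kind>Req|Reply) (?P<mac>\S+?),\s*(?P<ip>\S+) port (?P<port>\S+), vlan (?P<vlan>\d+)"
)
DHCP_ROGUE = re.compile(r"Unauthorized server (?P<ip>\S+) detected on port (?P<port>\S+)")
SUPPRESS = re.compile(r"Ceasing .* logs? for (?P<minutes>\d+)m")

def parse_line(line):
    """Parse one switch log line into a dict, or return None if it is not in this format."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = m.groupdict()
    msg = rec["msg"]
    if s := SUPPRESS.search(msg):
        # The switch stops logging this event type for N minutes: a quiet log
        # after this line does not mean the bad ARP / rogue server has stopped.
        rec.update(type="suppressed", minutes=int(s["minutes"]))
    elif a := ARP_DENY.search(msg):
        rec.update(type="arp_deny", **a.groupdict())
    elif d := DHCP_ROGUE.search(msg):
        rec.update(type="rogue_dhcp", **d.groupdict())
    else:
        rec["type"] = "other"
    return rec

def summarize(lines):
    """Count actionable events per (type, port) and list active suppression windows by subsystem."""
    events = [r for r in map(parse_line, lines) if r]
    per_port = Counter((r["type"], r["port"]) for r in events if "port" in r)
    suppressed = {r["subsys"]: r["minutes"] for r in events if r["type"] == "suppressed"}
    return per_port, suppressed
```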