Users Guide

NSF and DHCP Snooping
Figure 8-14 illustrates a Layer-2 access switch running DHCP snooping.
DHCP snooping only accepts DHCP server messages on ports configured as trusted
ports. DHCP snooping listens to DHCP messages to build a bindings
database that lists the IP address the DHCP server has assigned to each host.
IP Source Guard (IPSG) uses the bindings database to filter data traffic in
hardware based on source IP address and source MAC address. Dynamic ARP
Inspection (DAI) uses the bindings database to verify that ARP messages
contain a valid sender IP address and sender MAC address. DHCP snooping
checkpoints its bindings database.
Figure 8-14. NSF and DHCP Snooping
If the management unit in the stack fails, all hosts connected to that unit lose
network access until that unit reboots. The hardware on surviving units
continues to enforce the source filters that IPSG installed prior to the failover. Valid
hosts continue to communicate normally. During the failover, the hardware
continues to drop data packets from unauthorized hosts so that security is not
compromised.
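
The following Python model is an added example, not code from this guide or from the switch firmware. It shows how a bindings database learned from DHCP messages on trusted ports drives the IPSG and DAI checks, and how a checkpointed copy lets a second instance keep enforcing them. Port names, addresses, the class and method names, matching on the ingress port, and the use of a snapshot by a standby instance are all assumptions of the model.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # DHCP message types only a server sends
@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str

class SnoopingModel:
    def __init__(self, trusted_ports, bindings=None):
        self.trusted = set(trusted_ports)
        self.bindings = dict(bindings or {})  # client MAC -> Binding
        self.pending = {}                     # client MAC -> port of its REQUEST

    def dhcp(self, in_port, msg, client_mac, ip=None):
        """Process one DHCP message; return True if accepted, False if dropped."""
        if msg in SERVER_MSGS:
            if in_port not in self.trusted:
                return False                  # server message on an untrusted port
            if msg == "ACK" and client_mac in self.pending:
                self.bindings[client_mac] = Binding(client_mac, ip, self.pending.pop(client_mac))
            return True
        if msg == "REQUEST":
            self.pending[client_mac] = in_port
        return True

    def ipsg_permit(self, in_port, src_mac, src_ip):
        # IPSG: source MAC and IP must match a binding (port match is assumed here)
        b = self.bindings.get(src_mac)
        return b is not None and b.ip == src_ip and b.port == in_port

    def dai_valid(self, sender_mac, sender_ip):
        """DAI: ARP passes only if sender MAC and IP match a binding."""
        b = self.bindings.get(sender_mac)
        return b is not None and b.ip == sender_ip

    def checkpoint(self):
        return dict(self.bindings)            # snapshot of the bindings database

def demo():
    # Constructed sample traffic: uplink "1/0/24" is trusted, host ports are not.
    sw = SnoopingModel(trusted_ports={"1/0/24"})
    host = "00:11:22:33:44:55"
    sw.dhcp("1/0/1", "REQUEST", host)
    rogue = sw.dhcp("1/0/2", "ACK", host, ip="192.0.2.66")   # dropped, no binding
    legit = sw.dhcp("1/0/24", "ACK", host, ip="192.0.2.10")  # accepted, binding learned
    standby = SnoopingModel({"1/0/24"}, bindings=sw.checkpoint())
    return rogue, legit, standby
```
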