Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch N1500 Series
281282283284285286287288289290
Stacking 281
NSF and DHCP Snooping
Figure 8-14 illustrates a Layer-2 access switch running DHCP snooping.
DHCP snooping only accepts DHCP server messages on ports configured as
trusted ports. DHCP snooping listens to DHCP messages to build a bindings
database that lists the IP address the DHCP server has assigned to each host.
IP Source Guard (IPSG) uses the bindings database to filter data traffic in
hardware based on source IP address and source MAC address. Dynamic ARP
Inspection (DAI) uses the bindings database to verify that ARP messages
contain a valid sender IP address and sender MAC address. DHCP snooping
checkpoints its bindings database.
Figure 8-14. NSF and DHCP Snooping
If the stack master fails, all hosts connected to that unit lose network access
until that unit reboots. The hardware on surviving units continues to enforce
source filters IPSG installed prior to the failover. Valid hosts continue to
communicate normally. During the failover, the hardware continues to drop
data packets from unauthorized hosts so that security is not compromised.