• December 09, 2018, 03:42:06 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: DHCP snooping, ARP Inspection etc. on VSP 4000  (Read 590 times)

0 Members and 1 Guest are viewing this topic.

Offline pat2012

  • Sr. Member
  • ****
  • Posts: 150
DHCP snooping, ARP Inspection etc. on VSP 4000
« on: March 12, 2018, 03:14:01 PM »
Hi guys.

I have been looking through the Documentation Collection for the VSP 4000 and cannot seem to find the commands for how to enable DHCP Snooping and other security configurations.

For the ERS 4800's (for example), such configurations are discussed in the "Configuring Security" document.  However, the equivalent document for the VSP 4000 makes no mention of them.

Do you know how these features are enabled on the VSP 4000?

Thanks.


Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 301
    • matzeks
    • Controlware GmbH - Germany
Re: DHCP snooping, ARP Inspection etc. on VSP 4000
« Reply #1 on: March 13, 2018, 05:26:47 AM »
Hi Pat,

"DHCP-Snooping" & Arp-Inspection are available since VOSS 6.x if I remember correctly, but it can only be enabled on Vlans there is no DHCP-Relay existent.




CWLAB-4450-01:1#sho running-config
Preparing to Display Configuration...
#
# Tue Mar 13 09:18:38 2018 UTC
# box type             : VSP-4450GSX-PWR+
# software version     : 6.1.2.1
# cli mode             : ECLI

conf t

#
# DHCP SNOOPING CONFIGURATION
#
ip dhcp-snooping enable


#
# VLAN CONFIGURATION
#
interface vlan 301
ip dhcp-snooping enable
ip arp-inspection enable
exit


#
# PORT CONFIGURATION - PHASE II
#
interface GigabitEthernet 1/3
name "ONA_Net"
no shutdown
no spanning-tree mstp  force-port-state enable
ip dhcp-snooping trusted
ip arp-inspection trusted
exit

end

CWLAB-4450-01:1# sho ip dhcp-snooping binding

========================================================================================================================
                                              DHCP Snooping Binding Table
========================================================================================================================
MAC                       IP              PORT    VLAN    VRF             LEASE      EXPIRY     ENTRY
ADDRESS                   ADDRESS         NUM     ID      NAME            TIME       TIME       TYPE
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
Static entries  : 0
Learned entries : 0
Total entries   : 0
------------------------------------------------------------------------------------------------------------------------

All 0 out of 0 Total DHCP Snooping binding entries displayed

CWLAB-4450-01:1#sho ip arp-inspection ?
  interface  Show arp inspection port configuration
  vlan       Show arp inspection vlan configuration
  vrf        Display arp inspection for a particular vrf
  vrfids     Display arp inspection for a particular vrf


« Last Edit: March 13, 2018, 05:34:37 AM by MatzeKS »
------------------------------------------------------
ACE-Fx #00050

Offline pat2012

  • Sr. Member
  • ****
  • Posts: 150
Re: DHCP snooping, ARP Inspection etc. on VSP 4000
« Reply #2 on: March 13, 2018, 07:43:32 AM »
Thank you very much.

They may need to update their documentation because I've been looking for DHCP Snooping in the 6.1.2 release document collection - no luck so far.

VOSS is different to what I'm accustomed to on the ERS series - lots of similarities, but some notable differences.

Thanks again.

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 301
    • matzeks
    • Controlware GmbH - Germany
Re: DHCP snooping, ARP Inspection etc. on VSP 4000
« Reply #3 on: March 13, 2018, 08:50:00 AM »
you may need to have also have a look in the Document Collection, which comes with nearly each sub-release.
Here you'll find the NN47227-601_SecVOSS_6.1_CG_Dec2017.pdf which covers all those topics you're looking for  ;)


URL Document Collection: http://support.avaya.com/css/P8/documents/101045270
------------------------------------------------------
ACE-Fx #00050

Offline pat2012

  • Sr. Member
  • ****
  • Posts: 150
Re: DHCP snooping, ARP Inspection etc. on VSP 4000
« Reply #4 on: March 13, 2018, 10:11:11 AM »
Found it in the Rel 6.1.2 Documentation Collection .  I wasn't looking hard enough - too many files.  :D