CHAPTER
20-1
Cisco Nexus 1000V Troubleshooting Guide, Release 5.2(1)SV3(1.1)
OL-31593-01
20
DHCP, DAI, and IPSG
This chapter describes how to identify and resolve problems related to the following security features:
• Dynamic Host Configuration Protocol (DHCP) snooping
• Dynamic ARP Inspection (DAI)
• IP Source Guard (IPSG)
This chapter includes the following sections:
• Information About DHCP Snooping, page 20-1
• Information About Dynamic ARP Inspection, page 20-2
• Information About IP Source Guard, page 20-2
• Guidelines and Limitations for Troubleshooting, page 20-2
• Problems with DHCP Snooping, page 20-3
• Troubleshooting Dropped ARP Responses, page 20-4
• Problems with IP Source Guard, page 20-5
• Collecting and Evaluating Logs, page 20-5
• DHCP, DAI, and IPSG Troubleshooting Commands, page 20-6
Information About DHCP Snooping
DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers by doing the
following:
• Validates DHCP messages received from untrusted sources and filters out invalid response messages
from DHCP servers.
• Builds and maintains the DHCP snooping binding database, which contains information about
untrusted hosts with leased IP addresses.
• Uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
Dynamic ARP inspection (DAI) and IP Source Guard also use information stored in the DHCP snooping
binding database.
For detailed information about configuring DHCP snooping, see the Cisco Nexus 1000V Security
Configuration Guide.
To Next Page
Loading...
Need help?
General
