DHCP Configuration on CX-M Asterfusion Enterprise SONiC Switch
- 1 Purpose
- 2 Model and Version
- 3 DHCP configuration instructions
- 3.1 DHCP introduction
- 3.2 DHCP server configuration
- 3.3 DHCP relay configuration
- 3.4 DHCP snooping configuration
- 3.5 ND snooping configuration
- 4 DHCP configuration case
- 4.1 Case 1 DHCP service and relay
- 4.2 Case 2 DHCP snooping
- 4.2 Case 3 ND snooping
- Asterfusion CX-N data center switches as the links below
1 Purpose
This article mainly explains the DHCP configuration on Asterfusion enterprise SONiC switches.
By reading this article, users can quickly master the configuration method of DHCP on Asterfusion SONiC switch.
2 Model and Version
Model:
CX-M series switches
Version:
AsterNOSv5.2.8
3 DHCP configuration instructions
3.1 DHCP introduction
DHCP (Dynamic Host Configuration Protocol) is a standard protocol defined by RFC2131. This protocol allows the server to dynamically allocate IP addresses and configuration information to clients. DHCP uses the C/S mode for communication. The client sends a request to the server, and the server allocates an IP address with a validity period to the client. CX-M series switches support the DHCP function, which can be used as a DHCP server to allocate IP addresses to customers and also has a DHCP relay function. This chapter introduces the DHCP configuration method.
3.2 DHCP server configuration
dhcp pool name # Create a DHCP address pool and enter the DHCP configuration view
network ip-address mask # Configure the network segment dynamically allocated by the DHCP address pool
address-pool ip-address ip-address # Configure the IP address range dynamically allocated by the DHCP address pool
routers ip-address # Configure the assigned gateway for DHCP clients
dns ip-address # Configure the DNS address assigned to the DHCP client
lease-time default-time max-time # Configuring the lease validity period of dynamically allocated IP addresses
tftp-server server-name # Configure the TFTP server address assigned to the DHCP client
bootfile-name bootfile # Configure the startup file name assigned to the DHCP client
next-server ip-address # Configure the next server IP address that provides services assigned to the DHCP client.
vlan vlan-id # Bind the created DHCP address pool to the specified VLANif interface
Example:
sonic(config)# dhcp pool dhcp1
sonic(config-dhcp-pool-dhcp1)# network 10.0.10.100 255.255.255.0
sonic(config-dhcp-pool-dhcp1)# address-pool 10.0.10.101 10.0.10.200
sonic(config-dhcp-pool-dhcp1)# routers 10.0.10.1
sonic(config-dhcp-pool-dhcp1)# dns 8.8.8.8
sonic(config-dhcp-pool-dhcp1)# lease-time 300 600
sonic(config-dhcp-pool-dhcp1)# tftp-server server1
sonic(config-dhcp-pool-dhcp1)# bootfile-name dhcpboot1
sonic(config-dhcp-pool-dhcp1)# next-server 10.0.10.248
sonic(config-dhcp-pool-dhcp1)# vlan 101
3.3 DHCP relay configuration
configure terminal # Enter system configuration view
dhcp-relay relay-name {v4|v6} # Create a DHCP relay instance and enter the DHCP relay view
down_link interface vlan vlan-id
# Specify the VLAN to which the client that needs to dynamically assign an IP address belongs
up_link interface interface-type interface-name
# Specify the interface through which the device connects to the DHCP server
server_ip ip-address # Specify the IP address of the DHCP server
loopback_interface loopback ID # Configure the loopback port as the relay agent IP
no_option82 # Enable not encapsulating the option82 field
dhcp-agent address ip-address # Configure relay agent IP address
Example:
sonic(config)# dhcp-relay relay1 v4
sonic(config-dhcp-relay-relay1__v4)# down_link interface vlan 102
sonic(config-dhcp-relay-relay1__v4)# up_link interface ethernet 20
sonic(config-dhcp-relay-relay1__v4)# server_ip 10.0.10.240
sonic(config-dhcp-relay-relay1__v4)# loopback_interface loopback 0
sonic(config-dhcp-relay-relay1__v4)# no_option82
sonic(config-dhcp-relay-relay1__v4)#exit
sonic(config)#interface vlan 102
sonic(config-vlanif-102)# dhcp-agent address 10.0.10.20
3.4 DHCP snooping configuration
configure terminal # Enter system configuration view
dhcp snooping enable{v4|v6} # Enable DHCP Snooping function, default disable.
interface ethernet interface-id # Enter interface view
dhcp-snooping enable # Enable DHCP Snooping function, default disable.
dhcp-snooping trusted # Set the trust status of the port, default untrusted.
Example:
sonic# configure terminal
sonic(config)# dhcp snooping enable v4
sonic(config)# interface ethernet 20
sonic(config-if-20)# dhcp-snooping enable
sonic(config-if-20)# dhcp-snooping trusted
3.5 ND snooping configuration
configure terminal # Enter system configuration view.
nd snooping enable # Enable nd Snooping function, default disable.
vlan ID # Enter vlan view.
nd snooping enable # Enable nd Snooping function, default disable.
Example:
sonic# configure terminal
sonic(config)# nd snooping enable
sonic(config)# vlan 101
sonic(config-vlan-101)# nd snooping enable
4 DHCP configuration case
4.1 Case 1 DHCP service and relay
4.1.1 Requirements
User 1 and User 2 of the client company belong to Department A, User 3 and User 4 belong to Department B, switch1 acts as a DHCP relay, and switch2 acts as a DHCP server. It is required that department A be assigned an IP address between 10.1.2.2 and 10.1.2.100, and department B be assigned an IP address between 10.1.10.2-10.1.10.100.
4.1.2 Topology
4.1.3 Configuration steps
Step 1
Switch1
sonic# configure terminal
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 100
sonic(config-if-1)# exit
sonic(config)# interface ethernet 2
sonic(config-if-2)# switchport access vlan 100
sonic(config-if-2)# exit
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ip address 10.1.2.1/24
sonic(config)# vlan 200
sonic(config-vlan-200)# exit
sonic(config)# interface ethernet 3
sonic(config-if-3)# switchport access vlan 200
sonic(config-if-3)# exit
sonic(config)# interface ethernet 4
sonic(config-if-4)# switchport access vlan 200
sonic(config-if-4)# exit
sonic(config)# interface vlan 200
sonic(config-vlanif-200)# ip address 10.1.10.1/24
sonic# configure terminal
sonic(config)# interface ethernet 5
sonic(config-if-5)# ip address 10.110.1.1/24
sonic(config)# interface loopback 0
sonic(config-if-lo0)# ip address 10.120.1.1/32
sonic(config)# dhcp-relay relay1 v4
sonic(config-dhcp-relay- relay1__v4)# down_link interface vlan 100
sonic(config-dhcp-relay- relay1__v4)# down_link interface vlan 200
sonic(config-dhcp-relay- relay1__v4)# up_link interface 5
sonic(config-dhcp-relay- relay1__v4)# server_ip 10.110.1.2
sonic(config-dhcp-relay- relay1__v4)# loopback_interface loopback 0
sonic(config-dhcp-relay- relay1__v4)# exit
Step 2
Switch2
sonic# configure terminal
sonic(config)# vlan 300
sonic(config-vlan-300)# exit
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# vlan 200
sonic(config-vlan-200)# exit
sonic(config)# interface ethernet 5
sonic(config-if-5)# switchport access vlan 300
sonic(config-if-5)# switchport trunk vlan 100
sonic(config-if-5)# switchport trunk vlan 200
sonic(config-if-5)# exit
sonic(config)# interface vlan 300
sonic(config-vlanif-300)# ip address 10.110.1.2/24
sonic# configure terminal
sonic(config)# dhcp pool userA
sonic(config-dhcp-pool-userA)# network 10.1.2.1 255.255.255.0
sonic(config-dhcp-pool-userA)# address-pool 10.1.2.2 10.1.2.100
sonic(config-dhcp-pool-userA)# dns 8.8.8.8
sonic(config-dhcp-pool-userA)# vlan 100
sonic(config-dhcp-pool-userA)# exit
sonic(config)# dhcp pool userB
sonic(config-dhcp-pool-userB)# network 10.1.10.1 255.255.255.0
sonic(config-dhcp-pool-userB)# address-pool 10.1.10.2 10.1.10.100
sonic(config-dhcp-pool-userB)# dns 8.8.8.8
sonic(config-dhcp-pool-userB)# vlan 200
sonic(config-dhcp-pool-userB)# exit
sonic(config)# dhcp pool dhcpmgmt
sonic(config-dhcp-pool-dhcpmgmt)# network 10.110.10.1 255.255.255.0
sonic(config-dhcp-pool-dhcpmgmt)# address-pool 10.110.1.1 10.110.1.2
sonic(config-dhcp-pool-dhcpmgmt)# vlan 300
sonic(config-dhcp-pool-dhcpmgmt)# exit
4.1.4 Verify network configuration
The users can apply for the correct IP address and be able to ping the gateway.
4.2 Case 2 DHCP snooping
4.2.1 Requirements
A user needs to uniformly allocate IP addresses to terminals in the network through a DHCP server, and at the same time prohibit users from accessing the network through statically configured IP addresses.
4.2.2 Topology
4.2.3 Configuration steps
Step 1
Switch1
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 100
sonic(config-if-1)# exit
sonic(config)# interface ethernet 2
sonic(config-if-2)# switchport access vlan 100
sonic(config-if-1)# exit
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ip address 10.1.2.1/24
sonic(config)# dhcp-relay relay1 v4
sonic(config-dhcp-relay- relay1__v4)# down_link interface vlan 100
sonic(config-dhcp-relay- relay1__v4)# up_link interface 5
sonic(config-dhcp-relay- relay1__v4)# server_ip 10.110.1.2
sonic(config-dhcp-relay- relay1__v4)# loopback_interface loopback 0
sonic(config-dhcp-relay- relay1__v4)# exit
sonic(config)# dhcp snooping enable
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# dhcp-snooping enable
sonic(config-vlanif-100)#exit
sonic(config)# interface ethernet 5
sonic(config-if-5)# ip address 10.110.1.1/24
sonic(config-if-5)# dhcp-snooping enable
sonic(config-if-5)# dhcp-snooping trusted
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ipv4-source-check enable
sonic(config-vlanif-100)# arp anti-attack-check enable
Step 2
Switch2
sonic(config)# vlan 300
sonic(config-vlan-300)# exit
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# interface ethernet 5
sonic(config-if-5)# switchport access vlan 300
sonic(config-if-5)# switchport trunk vlan 100
sonic(config-if-5)# exit
sonic(config)# interface vlan 300
sonic(config-vlanif-300)# ip address 10.110.1.2/24
sonic(config)# dhcp pool userA
sonic(config-dhcp-pool-userA)# network 10.1.2.1 255.255.255.0
sonic(config-dhcp-pool-userA)# address-pool 10.1.2.2 10.1.2.100
sonic(config-dhcp-pool-userA)# dns 8.8.8.8
sonic(config-dhcp-pool-userA)# vlan 100
sonic(config-dhcp-pool-userA)# exit
sonic(config)# dhcp pool dhcpmgmt
sonic(config-dhcp-pool-dhcpmgmt)# network 10.110.10.1 255.255.255.252
sonic(config-dhcp-pool-dhcpmgmt)# address-pool 10.110.1.1 10.110.1.2
sonic(config-dhcp-pool-dhcpmgmt)# vlan 300
sonic(config-dhcp-pool- dhcpmgmt)# exit
4.2.4 Verify network configuration
1. The users can apply for the correct IP address.
2.After modifying the IP address on user 1 to a static IP address, the gateway cannot be pinged.
4.3 Case 3 ND snooping
4.3.1 Requirements
Users need to uniformly allocate IPv6 addresses through automatic configuration, support obtaining IPv6 addresses through stateful and stateless methods, and prohibit users from accessing the network through statically configured IPv6 addresses.
4.3.2 Topology
4.3.3 Configuration steps
Step 1
Switch1
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 100
sonic(config-if-1)# exit
sonic(config)# interface ethernet 2
sonic(config-if-2)# switchport access vlan 100
sonic(config-if-2)# exit
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ip address fd00:100::1/64
sonic(config-vlanif-100)# ipv6 nd ra managed-flag on
sonic(config-vlanif-100)# ipv6 nd ra autonomous on
sonic(config-vlanif-100)# ipv6 nd ra other-flag on
sonic(config-vlanif-100)# ipv6 nd ra prefix fd00:100::1/64
sonic(config-vlanif-100)# ipv6 nd ra route-information ::/0 high
sonic(config-vlanif-100)# ipv6 nd ra route-information fd00:100::1/64
sonic(config)# dhcp-relay relay1 v6
sonic(config-dhcp-relay- relay1__v6)# down_link interface vlan 100
sonic(config-dhcp-relay- relay1__v6)# up_link interface 5
sonic(config-dhcp-relay- relay1__v6)# server_ip fd00:1001:1501::2002
sonic(config-dhcp-relay- relay1__v6)# loopback_interface loopback 0
sonic(config-dhcp-relay- relay1__v6)# exit
sonic(config)# dhcp snooping enable
sonic(config)# nd snooping enable
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# dhcp-snooping enable
sonic(config-vlanif-100)# nd snooping enable
sonic(config)# interface ethernet 5
sonic(config-if-5)# ip address fd00:1001:1501::2001/64
sonic(config-if-5)# dhcp-snooping enable
sonic(config-if-5)# dhcp-snooping trusted
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ipv4-source-check enable
sonic(config-vlanif-100)# arp anti-attack-check enable
sonic(config-vlanif-100)# ipv6-source-check enable
sonic(config-vlanif-100)# savi enable
Step 2
Switch2
sonic(config)# vlan 300
sonic(config-vlan-300)# exit
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# interface ethernet 5
sonic(config-if-5)# switchport access vlan 300
sonic(config-if-5)# switchport trunk vlan 100
sonic(config-if-5)# exit
sonic(config)# interface vlan 300
sonic(config-vlanif-300)# ip address fd00:1001:1501::2002/64
sonic(config)# dhcp pool userA v6
sonic(config-dhcp-pool-userA)# network fd00:100:: ffff:ffff:ffff:ffff::
sonic(config-dhcp-pool-userA)# address-pool fd00:100::2 1fd00:100::100
sonic(config-dhcp-pool-userA)# vlan 100
sonic(config-dhcp-pool-userA)# exit
sonic(config)# dhcp pool dhcpmgmt v6
sonic(config-dhcp-pool-dhcpmgmt)# network fd00:1001:1501:: ffff:ffff:ffff::
sonic(config-dhcp-pool-dhcpmgmt)# address-pool fd00:1001:1501::2001 fd00:1001:1501::2002
sonic(config-dhcp-pool-dhcpmgmt)# vlan 300
sonic(config-dhcp-pool-dhcpmgmt)# exit
4.3.4 Verify network configuration
- The users can apply for the correct IPv6 address.
- After modifying the IPv6 address on user 1 to a static IPv6 address, the gateway cannot be pinged.
Asterfusion CX-N & CX-M SONiC switches as the links below
If you have more technical questions, feel free to propose a ticket on our https://help.cloudswit.ch/portal/en/signin