Aruba & ProVision-based
1748085 Members
5026 Online
108758 Solutions
New Discussion юеВ

Re: arp-protection/dhcp-snooping

 
Tony Barrett_2
Frequent Advisor

arp-protection/dhcp-snooping

We have a network that currently has 2626/2650 edge switches, and a 5308 at the core. We're going to be upgrading the 26xx switches to 2530-xxG switches very soon. During the transition phase, I've been tasked with implementing arp protection on this network. On my test network (2 x 2650 and 1 x 5308) I think I've got this working ok, but I didn't want to implement it until we've completed the upgrade.

 

I've just added a 2530-24G to the test network for final verification, and was stunned to find that the dhcp-snooping and arp-protect commands are no longer listed! Have these been depreciated and replaced by something else, or just dropped altogether? I've also checked the port-security command (which we also use), and while I can see a new eavesdrop-protection parameter, nothing else stands out.

 

As the 2530's are far more powerful than the 26xx, I'd be totally surprised if these features have been dropped. Can someone advise on this, as arp-protection wasn't a requirement when be bought the 2530's, but it is now.

4 REPLIES 4
Richard Brodie_1
Honored Contributor

Re: arp-protection/dhcp-snooping

You've got a newer model but you've also gone down the range a bit; it looks like dhcp-snooping and arp-protect didn't make it down onto the level 2 switches.

Peter_Debruyne
Honored Contributor

Re: arp-protection/dhcp-snooping

Hi,

 

25xx series are *pure* L2 switches, so they typically do not support any L3 intelligence (like arp snooping/dhcp protection), this is the major difference with the 26xx series (100Mbps) and the 29xx series(Gbps), which are listed as L3-lite, so they can do some L3 filter functions at the edge.

 

2530 is more powerfull from bandwidth point of view, but not feature point of view. (this is why checking the specs is important - lookup in HP Product Bulletin for details)

 

Best regards,Peter.

Tony Barrett_2
Frequent Advisor

Re: arp-protection/dhcp-snooping

Well, thanks for the replies. but obviously that's not the answer I wanted to here. As I said, this was not part of the requirement when we bought the 2530's, it only became a requirement after they were delivered.

 

It looks like neither the 2510 or 2810 have these 'l3-lite' features either, and the next model up that might is the 2910, wihch is a hell of a step up in price.

Vince_Whirlwind
Trusted Contributor

Re: arp-protection/dhcp-snooping

You can use 802.1x for security, so why not throw that back at whoever is setting the new requirement?