arp-protection/dhcp-snooping (487 Views)
Reply
Frequent Advisor
Tony Barrett_2
Posts: 90
Registered: ‎05-18-2004
Message 1 of 5 (487 Views)

arp-protection/dhcp-snooping

We have a network that currently has 2626/2650 edge switches, and a 5308 at the core. We're going to be upgrading the 26xx switches to 2530-xxG switches very soon. During the transition phase, I've been tasked with implementing arp protection on this network. On my test network (2 x 2650 and 1 x 5308) I think I've got this working ok, but I didn't want to implement it until we've completed the upgrade.

 

I've just added a 2530-24G to the test network for final verification, and was stunned to find that the dhcp-snooping and arp-protect commands are no longer listed! Have these been depreciated and replaced by something else, or just dropped altogether? I've also checked the port-security command (which we also use), and while I can see a new eavesdrop-protection parameter, nothing else stands out.

 

As the 2530's are far more powerful than the 26xx, I'd be totally surprised if these features have been dropped. Can someone advise on this, as arp-protection wasn't a requirement when be bought the 2530's, but it is now.

Please use plain text.
Honored Contributor
Richard Brodie_1
Posts: 573
Registered: ‎10-09-2003
Message 2 of 5 (464 Views)

Re: arp-protection/dhcp-snooping

You've got a newer model but you've also gone down the range a bit; it looks like dhcp-snooping and arp-protect didn't make it down onto the level 2 switches.

Please use plain text.
Honored Contributor
Peter_Debruyne
Posts: 314
Registered: ‎03-21-2011
Message 3 of 5 (444 Views)

Re: arp-protection/dhcp-snooping

Hi,

 

25xx series are *pure* L2 switches, so they typically do not support any L3 intelligence (like arp snooping/dhcp protection), this is the major difference with the 26xx series (100Mbps) and the 29xx series(Gbps), which are listed as L3-lite, so they can do some L3 filter functions at the edge.

 

2530 is more powerfull from bandwidth point of view, but not feature point of view. (this is why checking the specs is important - lookup in HP Product Bulletin for details)

 

Best regards,Peter.

Please use plain text.
Frequent Advisor
Tony Barrett_2
Posts: 90
Registered: ‎05-18-2004
Message 4 of 5 (431 Views)

Re: arp-protection/dhcp-snooping

Well, thanks for the replies. but obviously that's not the answer I wanted to here. As I said, this was not part of the requirement when we bought the 2530's, it only became a requirement after they were delivered.

 

It looks like neither the 2510 or 2810 have these 'l3-lite' features either, and the next model up that might is the 2910, wihch is a hell of a step up in price.

Please use plain text.
Trusted Contributor
Vince_Whirlwind
Posts: 401
Registered: ‎02-25-2013
Message 5 of 5 (419 Views)

Re: arp-protection/dhcp-snooping

You can use 802.1x for security, so why not throw that back at whoever is setting the new requirement?

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation