Reasons why IP packets matching binding entries are discarded a while after S series switch generates the dynamic binding table

3

After the dynamic binding table on the S series switches is generated for a while, If the IP packets that match the entries in the binding table are discarded, you need to check that the binding table still exists. The dynamic binding table has the aging time. If the IP address lease is not renewed after the aging time expires, the binding table ages out. As a result, the IP packets that match entries in the expired binding table are discarded.

Other related questions:
Generation of dynamic DHCP snooping binding entries on S series switch
Information about generating DHCP snooping binding entries is as follows: - When the dhcp snooping enable command is not run on the user-side interface and the network-side interface is not configured as a trusted interface, users can go online, but no DHCP snooping binding entry is generated. - When the dhcp snooping enable command is not run on the user-side interface and the network-side interface is configured as a trusted interface, users can go online, but no DHCP snooping binding entry is generated. - When the dhcp snooping enable command is run on the user-side interface and the network-side interface is not configured as a trusted interface, users cannot go online, but no DHCP snooping binding entry is generated. - When the dhcp snooping disable command is run on the user-side interface, users can go online, but no DHCP snooping binding entry is generated no matter whether the network-side interface is configured as a trusted interface. - When the dhcp snooping enable command is run on the user-side interface and both user-side and network-side interfaces are configured as trusted interfaces, users can go online, but no DHCP snooping binding entry is generated. - If the DHCP snooping function has been enabled but no DHCP snooping entry is generated, you can check the device configuration in the preceding aspects.

Delete entries in binding tables for IPSG (user-bind binding tables) on S series switches
Delete entries in a binding table for IPSG (user-bind binding table) on an S series switch (except the S1700) as follows: Binding entries include static entries and dynamic entries. Dynamic entries are automatically generated when DHCP snooping is enabled. To delete dynamic entries, disable DHCP snooping. Static entries are configured manually. To delete static entries, perform the following operations: 1. Run the display dhcp static user-bind all command to view all static binding entries on the switch. [HUAWEI] display dhcp static user-bind all 2. Delete binding entries as required. a. Delete the static binding entry of IP address 192.168.1.1. [HUAWEI] undo user-bind static ip-address 192.168.1.1 mac-address 0001-0001-0001 b. Delete the static binding entry of MAC address 0002-0002-0002. [HUAWEI]undo user-bind static mac-address 0002-0002-0002 c. Delete all static binding entries of GE0/0/1. [HUAWEI] undo user-bind static interface gigabitethernet 0/0/1 d. Delete all static binding entries in VLAN 10. [HUAWEI] undo user-bind static vlan 10 e. Delete all entries in the static binding table. [HUAWEI]undo user-bind static

Specifications of IPSG table entries on S series switches
Hi, I cannot answer this question. For details about product specifications, click http://e.huawei.com/en/service-hotline to look up the contact method of your local customer service engineers.

With IPSG enabled, how will an S series switch process IP packets that do not match the binding table?
With IPSG enabled, an S series switch (except the S1700) checks IP packets against a DHCP snooping dynamic binding table or static binding table. Before the switch forwards an IP packet, it compares the source IP address, source MAC address, interface, or VLAN information in the IP packet with entries in the binding table. If a matching entry is found, the switch considers the IP packet as a valid packet and forwards it. Otherwise, the switch considers the IP packet as an attack packet and discards it. Whether an IP packet sent from a terminal connected to a port matches a binding entry or not has no effect on the status of the port (for example, the port will not change from the up state to the shutdown or error-disable state).

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top