>> Packets sourced by a laptop whose IP config was obtained through 2811B and reaching GW (2811A) are blocked due to DHCP authorized ARP.
I see two ways:
• Use two HSRP groups on the same VLAN and have 2811B be the master of HSRP-group B and the DHCP scope on 2811B to give as GW the VIP of this second HSRP group.
• Find a way to delay the DHCP response of 2811B so that all users will likely get their IP addresses from 2811A until 2811A is alive.
However, what will happen when 2811A dies or at least has its interface in the VLAN disconnected?
You should have a repository for all leases on a separate host, I think, in order to be able to achieve real redundancy.
When you configure a DHCP policy, you must define the IP address pools for the server to use to provide addresses to DHCP clients. In addition, you can optionally define the following:
• >>> External DHCP database agent.
Understanding DHCP Database Agents
A DHCP database agent is any external host (for example, an FTP, TFTP, or RCP server) that stores the DHCP bindings database. You can include one or more DHCP database agents in each DHCP policy, as well as configure the interval between database updates to the agent.
If both routers update the same database, this could help if they look at the external DB to decide if a user is authorized or not.
However, because you are already using 802.1X authentication, using DHCP Authorized ARP can be too much.
Sharing of the DHCP database seems to be useful, but we have to face another issue, which is how can we "synchronize" or share ARP resolution tables between both routers, in a manner that ARP requests are not blocked?
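The first suggestion in the thread (two HSRP groups, each router handing out the VIP it is active for), sketched as an added IOS configuration example that is not from any poster. The 192.0.2.0/24 addressing, the pool name USERS, the interface name and the split of the lease range are all constructed assumptions.

```cisco
! Added example, constructed values (192.0.2.0/24, FastEthernet0/0, pool USERS).
!
! ===== 2811A: active for HSRP group 1, leases .10-.119, gateway = VIP .1 =====
ip dhcp excluded-address 192.0.2.1 192.0.2.9
ip dhcp excluded-address 192.0.2.120 192.0.2.254
ip dhcp pool USERS
 network 192.0.2.0 255.255.255.0
 ! Clients leased here use the VIP that 2811A normally owns
 default-router 192.0.2.1
 ! Install DHCP bindings as secure ARP entries
 update arp
!
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 2 ip 192.0.2.2
 standby 2 priority 90
 standby 2 preempt
 ! Only ARP entries created from DHCP bindings are accepted on this interface
 arp authorized
!
! ===== 2811B: active for HSRP group 2, leases .120-.229, gateway = VIP .2 =====
ip dhcp excluded-address 192.0.2.1 192.0.2.119
ip dhcp excluded-address 192.0.2.230 192.0.2.254
ip dhcp pool USERS
 network 192.0.2.0 255.255.255.0
 ! Clients leased here use the VIP that 2811B normally owns
 default-router 192.0.2.2
 update arp
!
interface FastEthernet0/0
 ip address 192.0.2.4 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 90
 standby 1 preempt
 standby 2 ip 192.0.2.2
 standby 2 priority 110
 standby 2 preempt
 arp authorized
```

This covers only the steady state, where each client's gateway is the router that holds its binding. After a failover the surviving router takes over the other VIP but still has no binding for the other router's clients, which is the open question raised in the thread.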