IPoE BNG and DHCP on the ASR9K

Hi,
Can someone tell me if this is possible?
I have a bundle interface using ambiguous VLANs:
interface Bundle-Ether100.1
 vrf customers_1
 ipv4 unnumbered lo2
 ipv4 point-to-point
 arp learning disable
 service-policy type control subscriber UFB_DHCP
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 encapsulation ambiguous dot1q any second-dot1q any
I have two loopback interfaces:
interface lo2
 vrf customers_1
 ipv4 address 100.64.0.1 255.255.128.0
interface lo3
 vrf customers_1
 ipv4 address 200.200.200.1 255.255.254.0
I am authenticating users using option 82 remote-id, and DHCP for address allocation. I want to use RADIUS to send back attributes to set the user's template and, somehow, set the DHCP giaddr so that the user gets an address from the correct pool.
i.e. put the user into this template:
dynamic-template
 type ipsubscriber CUSTOMER
  vrf customers_1
  ipv4 unnumbered Loopback3
and then have them given an address in the lo3 (200.200.200.0) range. No matter what I do, the DHCP giaddr remains the address of the bundle interface.
I have tried all sorts of RADIUS attributes:
Cisco-AVPair = 'subscriber:service-name=CUSTOMER'
Cisco-AVPair = 'subscriber:command=activate-service'
I have tried:
Cisco-AVPair= 'ipv4:ip-unnumbers=Loopback3'
Cisco-AVPair= 'subscriber:classname=lo192'  - and creating a DHCP class to set giaddr
I get an "aaa_type invalid attribute, flags 0x21".
I am at a bit of a loss, and am not sure if what I am wanting to do is even possible.
Though if I set the template statically via an onboard policy, things seem to work, and my user gets an address from the correct loopback.
any help would be appreciated.
ta.

Alexander,
thanks for your reply,
If I use
Cisco-AVPair = 'subscriber:sa=UFB_CUSTOMER'  -> sets dynamic template
Cisco-AVPair += 'ipv4:ipv4-unnumbered=Loopback3' -> sets ipv4 loopback
I get the following from the RADIUS debug (showing the template and loopback understood by RADIUS):
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]: Radius packet decryption complete with rc = 0
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]:  RADIUS: Received from id 195 202.74.33.109:1812, Access-Accept, len 121
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]:  RADIUS:   Vendor-Specific    [26]    34             
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]:  RADIUS:  authenticator F2 4D D3 E7 B1 E8 90 D3 - F8 77 F1 1C 28 36 E9 6C
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]:  RADIUS:   Vendor-Specific    [26]    41             
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]:  RADIUS:  Reply-Message       [18]    26      User authenticated - UBA
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: pack_length = 121 radius_len = 121
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: rad_nas_reply_to_client: Received response from id : 195,packet type 2
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: Total len = 121, Radius len = 121
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: filter not found
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: Decoding the attribute: Vendor-Specific, aaa_type invalid attribute, flags 0x21
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: Decoding the attribute: Vendor-Specific, aaa_type invalid attribute, flags 0x21
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: This is sub-string of the Loopback interface name
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: Loopback attribute value: Loopback3
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: Decoding the attribute: Reply-Message, aaa_type reply-message, flags 0x100
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: Reply-Message fragments, 24
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: , total 24 bytes
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: RADIUS: parsing sevice 'UFB_CUSTOMER' (len 12)
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: (rad_nas_reply_to_client) Successfully decoded the response No error: PASS
RP/0/RSP0/CPU0:Nov 28 13:33:11.479 : radiusd[1120]: (rad_nas_reply_to_client) Successfully stored the preferred server info
RP/0/RSP0/CPU0:Nov 28 13:33:11.478 : radiusd[1120]: Freeing server group transaction_id (B1000047)
Output from show subscriber running:
Subscriber Label: 0xff
% No such configuration item(s)
dynamic-template
 type ipsubscriber UFB_CUSTOMER
  vrf customers_1
The subscriber shows up as a session:
RP/0/RSP0/CPU0:tpisp-cr02-h#show subscriber session all
Thu Nov 28 13:38:05.389 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End
Type         Interface                State     Subscriber IP Addr / Prefix                             
                                                LNS Address (Vrf)                             
IP:DHCP      BE100.1.ip71             AC        100.64.0.98 (customers_1) 
However,
the IP address range is from the Loopback 2 address (this is the loopback bound to the unnumbered BNG interface).
My understanding is that the giaddr should have been changed to the IP address of lo3, which is the loopback specified in the RADIUS attribute.
DHCP debug (this is the DHCP debug that follows directly after the RADIUS debug):
RP/0/RSP0/CPU0:Nov 28 13:33:11.484 : dhcpd[1080]: DHCPD PACKET: TP1225: Process packet event, client mode: PROXY
RP/0/RSP0/CPU0:Nov 28 13:33:11.484 : dhcpd[1080]: DHCPD PROXY: TP1955: FSM called for chaddr 000c.4270.6e7c with event DPM_SUCCESS state INIT_DPM_WAIT
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD PROXY: TP1917: Process client request called for chaddr 000c.4270.6e7c
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD PACKET: TP1883: Giaddr not present, Set giaddr 100.64.0.1, chaddr 000c.4270.6e7c
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD PACKET: TP571: L3 packet TX unicast to dest 202.74.33.108, port 67, source 100.64.0.1, vrf 0x60000003 (1610612739), tbl 0xe0000012 (3758096402)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: ---------- IPv4 DHCPD --- dhcpd_iox_l3_unicast_packet -------
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: VRF name (id): customers_1 (0x60000003)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: L3 src: 100.64.0.1
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: L3 dst: 202.74.33.108
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: L3 dst port: 67
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: L3 input Intf: Bundle-Ether100.1
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Output Intf: Null
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: FROM: L3
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: NETWORK_ORDER
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan Info
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan EtherType 1: 0x8100
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan Priority 1: 0 (0x0)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan Format 1: 0 (0x0)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan ID 1: 101 (0x65)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan EtherType 2: 0x8100
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan Priority 2: 0 (0x0)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan Format 2: 0 (0x0)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: metadata: Vlan ID 2: 23 (0x17)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666:
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: op:     BOOTREQUEST
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: chaddr: 000c.4270.6e7c
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: xid:    0x303751ed
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: flags:  0x8000 (broadcast)
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: ciaddr: 0.0.0.0
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: yiaddr: 0.0.0.0
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: siaddr: 0.0.0.0
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: giaddr: 100.64.0.1
RP/0/RSP0/CPU0:Nov 28 13:33:11.485 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: cookie: 0x63825363
RP/0/RSP0/CPU0:Nov 28 13:33:11.486 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: option: MESSAGE_TYPE: DISCOVER
RP/0/RSP0/CPU0:Nov 28 13:33:11.486 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: option: PARAMETER_REQUEST data: "0x01-79-03-21-06-2a"
RP/0/RSP0/CPU0:Nov 28 13:33:11.486 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: option: CLIENT_IDENTIFIER data: "0x01-00-0c-42-70-6e-7c"
RP/0/RSP0/CPU0:Nov 28 13:33:11.486 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: option: HOST_NAME data: "MikroTik"
RP/0/RSP0/CPU0:Nov 28 13:33:11.486 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: option: RELAY_INFORMATION
RP/0/RSP0/CPU0:Nov 28 13:33:11.486 : dhcpd[1080]: DHCPD_PACKET: pktTx id 666: option: RELAY_INFORMATION: CIRCUIT_ID: 0x01-0f-43-48-4f-52-55-53-31-30-30-30-30-30-34-35-33
I tried changing the dynamic template to service rather than ipsubscriber; this did not make a difference. You make a reference to DHCP classname. I have defined a DHCP class, however I do not know how to match or force the use of a particular class by using a RADIUS attribute.
Thanks,
Mike
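An added example, not code from this thread, from Cisco or from any DHCP server: a parser for the DHCPDISCOVER the dhcpd debug above shows the proxy sending upstream. The packet bytes are constructed from the debug fields (xid, flags, chaddr, giaddr, options 53/55/61/12/82), not captured. It decodes giaddr, the option 82 circuit-id, the host name and parameter request list (the same fields a DHCP profiling tool reads), and applies the relay rule a DHCP server follows: the subnet is chosen by giaddr, so as long as the proxy writes 100.64.0.1 into giaddr the lease comes from the lo2 range whatever template RADIUS returned. The pool names and subnets are the two loopbacks from the post; `select_pool` is an illustration of that server-side rule, not the server's code. Option 82 is inserted by the access node and is parsed here as untrusted input, with every length checked.

```python
"""Decode the DHCPDISCOVER the ASR9K proxy relays, and show that the pool
follows giaddr. Added example; packet bytes are constructed from the debug."""
import ipaddress
import struct

# Option 82 circuit-id from the debug: 0x0f bytes spelling "CHORUS100000453".
CIRCUIT_ID = bytes.fromhex("43484f525553313030303030343533")

# Constructed from the dhcpd debug fields above (not a capture).
DISCOVER = (
    struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x303751ED, 0, 0x8000)  # op htype hlen hops xid secs flags
    + bytes(12)                                         # ciaddr, yiaddr, siaddr = 0.0.0.0
    + ipaddress.IPv4Address("100.64.0.1").packed        # giaddr written by the BNG proxy
    + bytes.fromhex("000c42706e7c") + bytes(10)         # chaddr padded to 16 bytes
    + bytes(192)                                        # sname + file (unused)
    + bytes.fromhex("63825363")                         # magic cookie
    + bytes([53, 1, 1])                                 # 53 message type: DISCOVER
    + bytes([55, 6]) + bytes.fromhex("01790321062a")    # 55 parameter request list
    + bytes([61, 7]) + bytes.fromhex("01000c42706e7c")  # 61 client identifier
    + bytes([12, 8]) + b"MikroTik"                      # 12 host name
    + bytes([82, 17, 1, 15]) + CIRCUIT_ID               # 82 relay agent info, sub-option 1
    + bytes([255])                                      # END
)

RAI_SUBOPTS = {1: "circuit-id", 2: "remote-id"}

# Assumed pools: the two loopback subnets from the post.
POOLS = {
    "lo2": ipaddress.ip_network("100.64.0.0/17"),
    "lo3": ipaddress.ip_network("200.200.200.0/23"),
}


def parse_options(data: bytes) -> dict:
    """Walk the TLV option area. Every length is checked before use because
    the client and the access node (option 82) are untrusted."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                      # END
            return opts
        if code == 0:                        # PAD
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d truncated" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        opts[code] = opts.get(code, b"") + value   # RFC 3396 concatenation
        i += 2 + length
    raise ValueError("missing END option")


def parse_dhcp(pkt: bytes) -> dict:
    """Fixed BOOTP header (RFC 2131) plus the option area."""
    if len(pkt) < 240 or pkt[236:240] != b"\x63\x82\x53\x63":
        raise ValueError("not a DHCP packet")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if hlen > 16:
        raise ValueError("bad hlen")
    return {
        "op": op, "hops": hops, "xid": xid, "flags": flags,
        "ciaddr": str(ipaddress.IPv4Address(pkt[12:16])),
        "yiaddr": str(ipaddress.IPv4Address(pkt[16:20])),
        "siaddr": str(ipaddress.IPv4Address(pkt[20:24])),
        "giaddr": str(ipaddress.IPv4Address(pkt[24:28])),
        "chaddr": ":".join("%02x" % b for b in pkt[28:28 + hlen]),
        "options": parse_options(pkt[240:]),
    }


def parse_relay_agent_info(value: bytes) -> dict:
    """Sub-options of option 82 (RFC 3046), bounds-checked like the outer TLVs."""
    subs, i = {}, 0
    while i < len(value):
        if i + 1 >= len(value):
            raise ValueError("relay agent info truncated")
        sub, slen = value[i], value[i + 1]
        data = value[i + 2:i + 2 + slen]
        if len(data) != slen:
            raise ValueError("relay agent info truncated")
        subs[RAI_SUBOPTS.get(sub, sub)] = data
        i += 2 + slen
    return subs


def select_pool(giaddr: str) -> str:
    """Server-side rule: the pool is the subnet that contains giaddr."""
    addr = ipaddress.IPv4Address(giaddr)
    for name, net in POOLS.items():
        if addr in net:
            return name
    raise LookupError("no pool for giaddr %s" % giaddr)


def summarize(pkt: bytes) -> dict:
    msg = parse_dhcp(pkt)
    rai = parse_relay_agent_info(msg["options"].get(82, b""))
    return {
        "chaddr": msg["chaddr"],
        "giaddr": msg["giaddr"],
        "hostname": msg["options"].get(12, b"").decode("ascii", "replace"),
        "param_request": list(msg["options"].get(55, b"")),
        "circuit_id": rai.get("circuit-id", b"").decode("ascii", "replace"),
        "remote_id": rai.get("remote-id", b"").decode("ascii", "replace"),
        "pool": select_pool(msg["giaddr"]),
    }


if __name__ == "__main__":
    for key, val in summarize(DISCOVER).items():
        print("%-14s %s" % (key, val))
```

Running it prints pool lo2 for this packet; feed it a copy with giaddr 200.200.200.1 and the same lookup returns lo3, which is the only thing that moves the lease into the Loopback3 range.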

Similar Messages

  • Manual IP and DHCP conflicts

    My Barricade g died (SMC2804WBRP-G). I replaced it with an Airport Extreme (802.11g).
    With the Barricade g, I had manually assigned IP address to all the computers on the LAN (range 192.168.x.1-192.168.x.99). The router distributed IP addresses to the wireless clients via DHCP range (192.162.x.100-192.168.x.200)
    I've setup the AEBS to Distribute IP addresses and selected Share a single IP address (using DHCP and NAT).
    BUT, the AEBS is assigning some of the manual addresses to wireless client IP requests. Then the computer that is supposed to have a manual IP address doesn't have one. Basically, the manual and DHCP addresses are coming from the same pool and causing conflicts.
    How do I deal with manual IP addresses AND DHCP with this router?
    Thanks

    David,
    Thanks for the input. But, I may have misread my post.
    From my original post.
    'With the Barricade g, I had manually assigned IP address to all the computers on the LAN (range 192.168.x.1-192.168.x.99). The router distributed IP addresses to the wireless clients via DHCP range (192.162.x.100-192.168.x.200).'
    In other words, on the network, LAN=static IPs, Wireless clients=DHCP.
    You can have both static and DHCP on the same network.

  • I want to use Back to my mac. When I try to turn it on, it says "Back to My Mac may be slow because more than one device on your network is providing network services. Turn off NAT and DHCP on one of the devices and try again." How do I fix this?

    Not sure if I am doing this right. This is my first time in the support community.
    I imagine what I put in my heading was supposed to go in here.
    I want to use Back to my mac. When I try to turn it on, it says "Back to my mac may be slow because more than one device on your network is providing network services. Turn off NAT and DHCP on one of the devices and try again. See the documentation that came with your device for information about turning off network services"
    Does anyone know how I do this? I contacted my ISP (Telus in Canada) and they did not know anything (not that they usually do).

    Why do ISPs insist upon making things so difficult for their customers?
    If you cannot get them to understand that you would prefer to use your own router over their piece of cheap junk, perhaps the information in the following will be useful:
    http://keithbalomben.wordpress.com/2012/03/29/telus-actiontec-v1000h-hacks-and-information/
    Scroll down to DHCP Settings
    You will need to log in with proper "technician" credentials. They are provided in the above link as
    Username: tech
    Password: t3lu5tv
    ... but these may or may not work. Try it, and if you cannot get anywhere at least now you know what to ask Telus to do in return for your business.

  • What are the endpoints attributes collected by NAC Profiler through SNMP and DHCP?

    Hi Everyone,
    Please help on this.
    I want to know what the endpoint attributes are that NAC Profiler collects through the SNMP and DHCP protocols to discover and profile the endpoints.
    Also if anybody can explain a simple used case on this.
    Please guide me on this.
    Thanks in advance.
    Thanks,
    Abuzar.

    Hi,
    SNMP
    =====
    NetMap queries network devices via SNMP for:
    System information
    Interface information
    Bridge information
    802.1X information (PAE MIB)
    Routing/IP information
    CDP MIB Information
    This information is used to Build and maintain a model of the network topology and endpoint discovery.
    NetMap uses SNMP Get, GetNext and GetBulk (when available) requests to query the SNMP agents running on the network infrastructure devices to gather specific Management Information Base (MIB) objects about their status based on device type (Layer 2 or Layer 3).
    In addition to polling each network device for all MIB data at a regular interval, NetMap may also be commanded to poll port-specific information when the NAC Profiler system is notified that an endpoint has joined or left the network via SNMP traps sent by devices at the network edge, switches typically.
    Upon receipt and verification of a link state (link up, link down) or MAC notification trap, NetTrap will notify the NAC Profiler Server that a change has occurred on the network edge (endpoint joined or left a network port). If the trapping device is in the NAC Profiler configuration, the NetMap component module assigned to poll the device that sent the trap will be commanded by the Server module to initiate a poll of the device's port information to determine the change to the endpoint topology that resulted in the trap being sent by the network device.
    The information gathered by NetMap is processed by the Server accordingly to update the network topology, noting the endpoint joining or leaving a port. Note that NetMap SNMP polling of network devices resulting from a trap is localized to the port specified in the trap. This is unlike the regular polling that occurs at the frequency specified for each device type (L2 and L3) which gathers all SNMP information from the device used by the NAC Profiler system.
    DHCP:
    =====
    The NetWatch module listens for traffic including DHCP traffic.
    The module will collect all the DHCP information on the traffic collected, like mac address, ip address,  DHCP Vendor Class Identifier in DHCP request, host name in DHCP request, requested specified options in DHCP request (option 55) and full list of DHCP options supported by the DHCP client as specified in the DHCP request.
    All the endpoint data can then be used to map endpoints with profiles.
    HTH,
    Tiago
    If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

  • DHCP issue - DNS suffix provided to the clients with "♥" and "♣" symbols replacing the "."

    Hi,
    My station are receiving strange DNS suffix from the DHCP server.
    Normally it is supposed to be set as, for example, mydomain.com.local; instead it is received like this: mydomain♥com♣local
    Any idea where the issue is? Config problem on the Windows 7 Pro station or on the DHCP server (Zyxell USG 110 firewall/router)?
    Thanks for your advices.
    Phil

    Hi,
    Did this issue occur on all clients or just on one specific computer?
    If this issue occurs on all computers, use Network Monitor to capture the network activity. Then upload the log to OneDrive and post the shared link here.
    About how to use it, please read the guide below:
    Network Monitor
    http://technet.microsoft.com/en-us/library/cc938655.aspx
    You could get it from the following address:
    Microsoft Network Monitor 3.4
    http://www.microsoft.com/en-in/download/details.aspx?id=4865
    Karen Hu
    TechNet Community Support

  • What are the advantages and disadvantages of having 2012 DHCP within the domain, or is it better to keep it stand-alone?

    What are the advantages and disadvantages of having 2012 DHCP within the domain, or is it better to keep it stand-alone?
    I am trying to upgrade the current DHCP 2003 server to 2012 to benefit from the latest failover plan, and I want to be sure that it doesn't affect the current setup.

    Hi,
    For DHCP migration, there won’t be any problem. You can follow the guide below:
    Step-By-Step: Migration of DHCP from Windows Server 2003 to Windows Server 2012
    http://blogs.technet.com/b/canitpro/archive/2013/04/29/step-by-step-migration-of-dhcp-from-windows-server-2003-to-windows-server-2012.aspx
    If you have any other role installed on windows server 2003, please read the relevant article:
    Migrate Roles and Features to Windows Server 2012
    http://technet.microsoft.com/en-us/library/dn486809.aspx
    Hope this helps.

  • ASR9K: bandwidth and bandwidth remaining cannot be used together. How to solve the problem of granting a quota and equally assigning the remaining quota?

    Hi everyone
    The problem should be trivial. We want to grant a quota to specific classes and share the remaining available bandwidth equally among all the requesting classes. Let's clarify with an example:
    Class 7 ==> priority queue, level 1 with police 20%
    Class 5 ==> priority queue, level 2 with police 40%
    Class 6 ==> CIR 12%
    Class 3 ==> CIR 11%
    Class 2 ==> CIR 8%
    Class 1 ==> CIR 5%
    Class 0 ==> CIR 4%
    To simplify, let's suppose that there is no traffic on classes 7 and 5 and that all remaining classes are generating traffic at a rate of 300Mbps each. The outgoing interface is 1G, so congestion occurs. We want each of classes 6, 3, 2, 1 and 0 to receive its granted value (respectively 120M, 110M, 80M, 50M and 40M, for a total of 400M) and the remaining available bandwidth (600M) to be equally assigned, so 120M to each class.
    The IOS-XR 5.2.2 documentation suggests that this should be the default behavior, but if we run the policy shown below, what we get is a weighted assignment of the remaining quota.
    The policy used is the following:
    policy-map TEST-POLICY
     class qos7
      police rate percent 20
      priority level 1
     class qos5
      police rate percent 40
      priority level 2
     class qos6
      bandwidth percent 12
     class qos3
      bandwidth percent 11
     class qos2
      bandwidth percent 8
     class qos1
      bandwidth percent 5
     class qos0
      bandwidth percent 4
     class class-default
     end-policy-map
    The documentation of IOS-XR 5.2.2 states that both "bandwidth percent" and "bandwidth remaining percent" could be used in the same class (which could be a solution to force the requested behavior), but using both generates the following error:
    !!% Both bandwidth and bandwidth-remaining actions cannot be configured together in leaf-level of the queuing hierarchy: InPlace Modify Error: Policy TEST-POLICY: 'qos-ea' detected the 'warning' condition 'Both bandwidth and bandwidth-remaining actions cannot be configured together in leaf-level of the queuing hierarchy'
    How could the problem be solved? Maybe a hierarchical QoS with the granted quota in the parent policy and a "bandwidth remaining percent 20" in the child?

    Hi everyone
    Just to provide my contribution: the hierarchical QoS policy works, balancing the remaining bandwidth after granting the requested bandwidth (see the policy implemented below). However, for priority queues the policer quota is granted, but when sending more flows these appear to be unbalanced. So the problem of having both PQs served (in a balanced way between flows) AND having the remaining bandwidth distributed equally remains open ...
    policy-map TEST-POLICY-parent
     class qos6
      service-policy TEST-POLICY-child
      bandwidth percent 12
     class qos3
      service-policy TEST-POLICY-child
      bandwidth percent 11
     class qos2
      service-policy TEST-POLICY-child
      bandwidth percent 8
     class qos1
      service-policy TEST-POLICY-child
      bandwidth percent 5
     class qos0
      service-policy TEST-POLICY-child
      bandwidth percent 4
     class class-default
      service-policy TEST-POLICY-child
     end-policy-map
    policy-map TEST-POLICY-child
     class qos7
      police rate percent 20
      priority level 1
     class qos5
      police rate percent 40
      priority level 2
     class qos6
      bandwidth remaining percent 20
     class qos3
      bandwidth remaining percent 20
     class qos2
      bandwidth remaining percent 20
     class qos1
      bandwidth remaining percent 20
     class qos0
      bandwidth remaining percent 20
     class class-default
     end-policy-map
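An added example, not from the thread and not a model of the IOS-XR scheduler: a small water-filling calculator for the scenario in the first post (1G link, five classes with 12/11/8/5/4 percent guarantees, each offering 300 Mbit/s, classes 7 and 5 silent). It prints the equal split the poster expected next to the CIR-weighted split they observed, and handles the case the arithmetic in the post skips, a class whose demand is below its share, whose unused remainder goes back round to the others. The class names and numbers are the post's; the allocation procedure is an illustration of the arithmetic only.

```python
"""Guaranteed share plus water-filled remainder, for the 1G example above.
Added example; the scheduler model is an illustration, not the ASR9K's."""

LINK = 1_000_000_000

# From the post: classes 7 and 5 silent, the rest offering 300 Mbit/s each.
# {name: (bandwidth percent, offered load in bit/s)}
CLASSES = {
    "qos6": (12, 300_000_000),
    "qos3": (11, 300_000_000),
    "qos2": (8, 300_000_000),
    "qos1": (5, 300_000_000),
    "qos0": (4, 300_000_000),
}


def allocate(link_bps, classes, remaining="equal"):
    """Return {name: bit/s}.

    Step 1 hands every class its guarantee, never more than it offers.
    Step 2 water-fills the leftover: each still-unsatisfied class gets a
    share by weight, capped at its demand, and whatever a capped class could
    not take is handed round again. 'equal' weights every open class the
    same (the requested behaviour); 'weighted' reuses the CIR percents (the
    behaviour the post observed)."""
    alloc = {n: min(link_bps * pct / 100.0, dem) for n, (pct, dem) in classes.items()}
    left = link_bps - sum(alloc.values())
    while left > 1e-6:
        open_ = [n for n in classes if classes[n][1] - alloc[n] > 1e-6]
        if not open_:
            break                                   # everyone is satisfied
        weights = {n: (1.0 if remaining == "equal" else float(classes[n][0])) for n in open_}
        total = sum(weights.values())
        if total <= 0:
            break                                   # only zero-weight classes left
        pool, given = left, 0.0
        for n in open_:
            extra = min(pool * weights[n] / total, classes[n][1] - alloc[n])
            alloc[n] += extra
            given += extra
        left -= given                               # uncapped leftover goes round again
    return alloc


def wanted():
    """Equal split of the 600M left after 400M of guarantees."""
    return allocate(LINK, CLASSES, "equal")


def observed():
    """The same 600M split 12:11:8:5:4, as the post saw."""
    return allocate(LINK, CLASSES, "weighted")


if __name__ == "__main__":
    for label, result in (("equal remainder", wanted()), ("weighted remainder", observed())):
        print(label)
        for name, bps in result.items():
            print("  %-5s %6.1f Mbit/s" % (name, bps / 1e6))
```

With equal weights the five classes end at 240/230/200/170/160M; with CIR weights they end at 300/275/200/125/100M, the "weighted assignment" the poster describes, and in both cases the link is exactly full.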

  • "securely" use one ethernet interface for WAN and other for the LAN

    I am reconfiguring our dual 2.7 Intel Xserve running MacOSXServer 10.5.4, and had a question.
    Is it possible (or advisable) to use en0 to perform LAN services, and then configure en1 to only allow access to very limited services: VPN, FTP, CALDAV and later Mail?
    I imagine that this is possible via a firewall configuration, but first I do not know how to specify interface in addition to ports, and second I don't know how advisable this would be.
    Currently I have a DSL package from ATT with 5 static IP addresses. I have an Airport Extreme set up as one of those addresses providing DHCP and NAT to the LAN. I am using the LAN ports on the back of that to bridge my three switches (2 managed [clients and oce print server 100 base-T] and 1 unmanaged [ laser printers and copier 10 base-T]).
    I have the LAN based on 192.168.0.x, with the Xserve at 192.168.0.5. I have DNS configured and working (Thank you Antonio Rocco)
    I have 20 LAN clients, 18 Macs, 1 PC and one PC via Parallels. I will have no more than 1 or 2 WAN clients at any one time.
    I provide AFP, SMB, Directory Services currently. As part of the reconfigure, I desire to take better advantage of the collaboration tools to provide wikis and CALDAV services. I also want to allow our employees to publish their individual calendars, so that they can subscribe to them at home, or vice versa.
    I would like to configure VPN, one for me to access configurations when I am away using Remote Desktop (I have used command line to some extent, but still feel more comfortable with the GUI tools) and second for limited access to content for certain users.
    It would also be very helpful for us to have an FTP site. It is unnecessary for this to be a FQDN service; sending the IP address is perfectly acceptable as we only use a service like this 10-15 times a year.
    (Related but unimportant in the grand scheme, is there a way to generate a link to the FTP server that you could email that not only is a link, but also a temporary username and password?)
    Thank you in advance,
    Ion Webster

    First, I missed a zero in the network speeds, I have two managed GbE switches that have all of the GbE capable machines connected to them, and an unmanaged GbE switch that has all the 10 or 100Base-T connections. My apologies for the mistake. That was one of the reasons I went with the GbE capable Airport to bridge the switches.
    Ok, I had been leaning towards a separate hardware firewall, but here is also where there is a hole in my knowledge. Do I need to look at something like the Linksys RVS4000, which bills itself as a "4-Port Gigabit Security Router with VPN. Secure, smart Gigabit networking for growing business"? I would like easy configuration, as I take care of these systems in addition to my job, rather than full time. This will be the first time I have set up a VPN connection, so even though I have spent a lot of time researching the manuals, and reading Schoun Regan (Apple Training Series), I don't have real world experience here. So if I buy more hardware, I want it to be the product that will provide the protection, and also allow me to configure it so that I can get these services running. All my VPN clients are running Macs, most on an Airport connection, and have their IP ranges in the 10.0.1.x range. All but one is on OS 10.5.x, so I have a fairly homogeneous set of machines to make work together.
    I will review the links you provided regarding static routing, but I do believe the hardware solution is a better one, and wish to pursue it, for all the reasons you give, and that in the brief perusal of the links, it is more than I want to tackle.
    As far as FTP vs sFTP, I have no preference. I simply want a way to have online storage for transfer of large files on occasion. Ideally I want a folder, or a series of folders that are accessible for my LAN users to put items in and take them out, and for my (s)FTP users to do the same
    So long story short, the hardware solution I would like to purchase, I need to be able to do the following:
    VPN connections for content access and ARD access ( knew about and will ensure differing IP ranges)
    (s)FTP
    Calendar publishing
    mail(at a later time)
    Thank you for your help thus far.
    Ion Webster

  • I synced my iPhone 5 with my computer and saved all the photos to my phone through iTunes. I restored my Mac and lost all my photos on the Mac, but I still have them on my phone. How do I get them on my new Mac now?

    I synced my iPhone 5 with my computer and saved all the photos to my phone through iTunes. I restored my Mac and lost all my photos on the Mac, but I still have them on my phone. How do I get them on my new Mac now?

    How do I get them on my new Mac now?
    Be careful when you connect the iPhone to your Mac, unless you have saved the photos. Synced photos may easily be accidentally deleted by syncing again. And do not enable iCloud Photo Library (Beta); that will erase synced photos as well. Synced photos are not included in the device backups.
    Set your iTunes Preferences to "Devices > Prevent iPods, iPhones, iPads from syncing automatically". Otherwise iTunes may launch and sync your iPhone with an empty iPhoto library the moment you connect it.
    Unfortunately, it is not possible to sync the synced photos back. Apple recommends to mail them back, but that would be a lot of clicking (iTunes: Syncing photos - Apple Support). You could also share them to a Shared Album, but a third party app like TD recommended, will be better.

  • Replace a 2003 (not R2) File Server with a 2012R2 files server and preferably keep the same machine name and IP when finished

    I am wanting to replace a 2003 (not R2) File Server with a 2012R2 file server and preferably keep the same machine name and IP when finished. For the moment I just need some "high level" guidance; little details can be worked out once I know which direction I will go. I was considering that DFS might be a way to help get through the process, although when finished the 2012R2 File Server will be by itself with no other file server planned at this time. DFS can stay installed for maybe future purposes, but clearly I wouldn't need the DFS Replication with only one machine.
    Here's a few details of the environment....
    1.  DC's are 2012R2 but it is still 2003 DFL because the old 2003 DCs are still present.  But likely they will be gone and the DFL elevated before I start on the File Server project
    2. Nearly all machines in the facility have a shortcut on the "All Users" Desktop that points to the existing old File Server. Editing or replacing that shortcut would be a major pain, hence why I want to keep the same machine name at least, and maybe the same IP if not too much trouble. This way the existing shortcut would continue to work with the new 2012R2 File Server. The UNC path represented in that shortcut is also configured into one or more of our major business applications, further emphasizing the need to keep the UNC path the same throughout the process.
    3. The facility runs 24/7/365 but is "light" on weekends.  The political environment is such that there is little to no tolerance for any down time at all.
    4. Would DFS (based from the 2012R2 machine) be a good tool to get where I need to go?
    Thanks for any suggestions.
    Phillip Windell

    Hi Sharon,
    I've done some more reading and have a few new ideas to run past you....
    Yes, regular DFS wouldn't help, and the Namespace would still be different than how it was with just the old server. However, I was thinking DFS Replication could replace the purpose of RoboCopy and it would keep the two locations "in sync" until I was ready to flip over to the new server. DFS Rep can exist independently of a DFS Namespace, so a Namespace is not even needed. It needs a minimum of 2003R2 for the "later & better" DFS Rep, but I believe 2003 can do an "in place" upgrade to 2003R2, so I would upgrade the old server to 2003R2 first. As long as the DFS Rep on 2012R2 and 2003R2 will properly interact, I think that will work.
    Thanks for the reg info on the Shares. I'm debating if editing that reg file would really be much better than manually creating the Shares on the new server while the DFS Replication was doing its job. I'll probably export that Key as a safety move whether I use it or not.
    Once the DFS Rep is fully in sync and the Shares are in place on the new server, I figure I would then:
    1. Remove the DFS Replication Object (optionally remove DFS Services completely)
    2. Rename the old File Server to something else and set it to DHCP
    3. Rename the new File Server to the name I want to use and give it the IP the old server had.
    How does that sound?
    Phillip Windell

  • I am running an older Airport Extreme v7.6.4 wireless router with a new Netgear RN104 server and can't get the server to show in the MacPro hardware or on the wireless router

    How do I adjust the settings to get this Netgear server to show and use the Airport Extreme and show up in the hardware of the MacPro?

    The server is never going to show on the airport extreme.. it is not wireless.. unless you happen to run v5 airport utility. Most are running v6.
    Is the Netgear setup for dhcp .. the display on the front of the netgear should be showing its IP address.
    What is it??
    What IP is your Mac getting?
    I presume both are plugged into the AE by ethernet.. if not please do so now.
    To open anything but Apple products like AE you open the IP in the browser.. simply type that IP on the front screen of the NAS into your browser. If it doesn't connect you have the setup wrong and something is not using DHCP.. in that case tell me exactly what you are getting.

  • 10g Personal edition and DHCP

    When installing the 10gR2 Personal edition of Oracle onto a machine with DHCP, does the need for a loopback adapter to fake a static IP address still apply ?
    I can understand the need for a fixed IP address when installing the server edition (standard or enterprise), but does that also apply to personal edition ?
    Given that the purpose of personal edition is to be installed on workstations, which will almost certainly use DHCP, this would mean everyone wanting to use personal would also need to setup a loopback adapter. Is this so, or does the need for a fixed IP address not apply to personal edition, as it is a single user edition that no one else can connect to ?
    Thanks,
    Andy Mackie

    Bottom line is yes.... at least in my experience.
    I've installed 10G(r1), 10GXpress, and 10Gr2 on a corporate laptop (tiny tablet PC actually) to try to get away from the MS Loopback adapter issue without any success.
    I've found with each one I had to install or configure some loopback adapter and modify the configuration files to use it or I would simply run into the same problems with the IP address at bootup.
    The problem seems to lie in the point of installation with the computer being connected to any network and looking for its own static IP address. This problem is a pain when you want the computer to either be mobile or use a DHCP hosted IP.
    I have tested and proven the solution on over 150 deployed 10G family databases on a deployed farm of mobile computers, if you need any pointers....

  • Solaris 10 zone configuration with sysidcfg and dhcp and hostname

    Hi
    Excuse me if I look like a n00b... it's probably because I'm a n00b.
    I've been struggling in the dark for more than 2 days now and I'm wondering if I'm thinking about this all wrong...
    I have stand-alone server where I need to run zones. I want to create zones and automagically configure them at boot (read: by running a script). So here's what I need...
    A zone
    starting from unconfigured state
    whose hostname is not the same as the zone name
    using corporate DHCP to get its IP address
    with DNS config coming from the DHCP server
    registering its address the DNS
    with a preconfigured root password
    (I don't own the corporate DHCP or DNS servers, I can't put my own DHCP or DNS servers on the network.)
    I would like to create the zone, throw some config at it, then boot the zone and walk away. I am using zones with exclusive-IP. I can construct the zones and manually configure them once they're started to have DHCP, my own name, registered IP address with DNS and everything else I have specified above. But I don't want to do it manually...
    Sysidcfg seems to do some of what I want but not entirely.
    In sysidcfg I can set the root_password, the primary interface using DHCP, DNS server. I can't set a hostname in sysidcfg AND configure it for DHCP. So the hostname is not what I want it to be after the zone is started and ready to go. The DHCP server is providing the DNS configuration, Solaris does not seem to honour it, but I'll ignore that for the moment.
    I have tried various combinations of using sysidcfg, /etc/nodename, /etc/hostname.+interface+ and /etc/dhcp.+interface+ but I can't find any combination that actually works.
    I can write to the zonestorage/etc/nodename to set the nodename, that works. But it does not match the DHCP address, so I get prompted for a new name service because it can't find a DNS entry for the name.
    I can write to the zonestorage/etc/hostname.+interface+ and /etc/dhcp.+interface+ (to get the system to register its name with the DNS server after getting its DHCP address) but then I get a system with no root password and no DNS configuration, even though they are set in the sysidcfg file.
    I can write a script that gets part of the way using sysidcfg and /etc/... files, then boots the zone and then runs a bunch of voodoo via zlogin commands to fix all the stuff that couldn't be done 'properly', but that's not a 'boot and walk away' environment. I can write a script that uses sysidcfg and hacks around with other files in /etc (like nsswitch.conf, resolv.conf), but that just feels like a dirty hack to fix something that wasn't done properly in the first place.
    So where am I going wrong and how do I do it right (within the constraints defined)? Why can't I configure, boot and walk away?
    Thanks

    Thanks abrante
    Thanks for your response!
    I don't think the config is messed up after the installation. I think the installation is fine, it's just not what I want :-)
    I'm trying to decouple the zonename from the system name and get DNS registrations working. After installation, a DHCP client can get its hostname from DNS but I'm trying to do it the other way around. I want the DHCP client specify its own hostname, get an address from the DHCP server and then register its hostname with DNS. If the system gets its name from DNS/DHCP then I have to configure those to provide the system name and I don't own the DHCP/DNS infrastructure. These zones are for a development/QA environment, so we create and reconfigure these frequently. Hence the need to specify the system name within the zone and register that name in the DNS.
    I have tried fiddling with the PARAM_REQUEST_LIST but it does not seem to be working as I expect. :-$ Removing 12 did not help with setting the hostname from the system. DNS does not have a registered name for this system anyway, so even if it tried to get a name for this system, it would get nothing.
    I also do want the DHCP to change the DNS server and domain name, but this does not happen even though my dhcpagent includes 6 and 15 in the PARAM_REQUEST_LIST. I still have to set them in the sysidcfg file because it is always ignored in Solaris (S10u8 with 10_Recommended 30-Jul-2010)
    As stated, I know I can hack around with the system after it has booted. But I'm trying to configure the system before it starts and let it take care of itself and not have to touch it. Frankly I'm surprised that the sysidcfg does not allow you to set a hostname name when you are using DHCP, that the default DHCP configuration does not register the system name with the DNS server, and the DNS config from the DHCP response is ignored. Even a sys-unconfiged system requires DNS configuration during initial boot, when I know that the DHCP response contains DNS information.
    FYI: Windows systems using DHCP work as expected in this respect by default, i.e. set system name, use DHCP --> system gets address from corporate DHCP, DNS settings are set from DHCP information, DNS registration is made for system name.
    I'm working around this at the moment... I call my zone by the system name I want, I hardcode the DNS settings in the sysidcfg file and I create the hostname.+nic+ and dhcp.+nic+ files in the zone storage to get the system to register its name with DNS, then boot.
    Edited by: cydonian on Aug 19, 2010 7:45 PM

  • Solaris 2.5.1 and DHCP?

    Does Solaris 2.5.1 support DHCP and how do you configure if it does?
    thanks

    OK, this is what I did.
    1. With the Solaris 2.5.1 boot disk, install Solaris from CDROM
    2. I do the partitioning of the hard disk; the disk has 3 GB, and I make a 940 MB partition for Solaris and the rest for Windows
    3. I install Solaris in standalone mode
    4. When I finished the Solaris installation, it asked me which partition is going to be used to boot the machine.
    5. I format a Windows disk partition to install it.
    6. I transferred the system to the Windows partition
    7. Reboot the machine and Solaris still asks me which O/S is going to be used to boot.
    8. Then, install Windows 95 B version, and when I reboot the machine, the boot manager of Solaris disappears.
    9. With FDISK of Windows I put the second partition (Solaris) as active, and nothing happens.
    Note: I'm using the Solaris partition as the second one, I mean that the main partition is Windows (that is exactly how I did have it).

  • Ip source guard feature and dhcp DHCP scope exhaustion (client spoofs other clients)

    Hi everybody.
    A dhcp server assigns an ip address based on the mac address carried by the client hardware field in dhcp packets.
    One potential attack is when a rogue host mimics different mac addresses and causes dhcp server to assign the ip addresses until no ip address is left for legitimate host.
    For e.g a host h1 with mac1 has assigned ip address by dhcp server as:
    199.199.199.1 mac1
    Dhcp server has the above entry in its database.
    Using hacking tools such as Yersinia or Gobbler one can create dhcp discover messages, each time creating a different mac for the client hardware field in the dhcp packet, thereby causing the dhcp server to assign ip addresses because to the dhcp server these are legitimate dhcp discover messages, each carrying a different mac in the client hardware address.
    You might say use dhcp snooping and it will prevent that (dhcp scope exhaustion) and configure the switch to check if src mac matches the client hardware address in the dhcp message. But still we can create spoofed discover messages where the src mac in the ethernet header will match the client hardware address in the dhcp discover message. We still did not overcome the problem.
    You might say use IP source guard feature but will it really prevent that problem from happening?
    Let me illustrate it :
    h1---------f1/1SW---------DHCP server
    Let say we have configured dhcp snooping on sw1 and f1/1 is untrusted port.  The switch has following dhcp binding
    199.199.199.1    mac1   vlan1  f1/1
    Next we configure ip source guard to validate both src mac and src ip against the dhcp bindings. When we configure ip source guard first, it will allow dhcp communication only, so a host can request an ip address and a dhcp binding can be built. After that ip source guard will validate src ip or src mac or both against the dhcp binding, depending upon how we configure ip source guard.
    In our case we have configured ip source guard to validate both src mac and src ip against the dhcp binding.
    A dhcp binding is already created as:
    199.199.199.1 mac1 vlan 1 f1/1
    Now using the hacking tools Yersinia or Gobbler on h1, we create our first spoofed dhcp discover message where src mac=mac2 in the ethernet header and client hardware address=mac2 in the dhcp discover message. Since the switch is configured with the ip source guard feature, it allows the dhcp discover message to pass through. The dhcp server upon receiving the dhcp message assigns another ip address from the pool. Now the dhcp server has the following entries:
    199.199.199.1 mac1
    199.199.199.2 mac2.
    We can continue to craft spoofed dhcp discover messages as mentioned above and have dhcp server keep assigning ip addresses until the whole pool is exhausted.
    So my question is how does ip source guard in conjunction with dhcp snooping prevent this particular attack from happening? (i.e. DHCP scope exhaustion)
    I really appreciate your input.
    thanks and have a great week.

    Thanks Karthikeyan.
    First of all, we gather all the information about the  locations of legitimate dhcp servers in our network. Once we have this information, we will configure the ports used to reach them as trusted. All the ports where end users will connect will be untrusted and therefore subject to dhcp snooping .
    it means if any of user connected in that switch/vlan runs a dhcp  services like vmware for eg. Snooping will prevent the dhcp/bootp  servers connected to that port will not be able to process.
    Yes that is correct. Because the dhcp snooping feature will check these ports for the messages usually sent by a dhcp server such as dhcp offer, etc. If the end user is running a dhcp server using a virtual machine, that port should be configured as trusted if it is determined that the end user is running a legitimate dhcp server using vmware.
    When we have the dhcp snooping it prevents the 1st level of hacking  itself. I don't think so it will have any impact on dhcp address  releasing.
    I am sorry. You lost me here. What is 1 level of hacking?
    Dhcp snooping checks dhcp messages such as dhcp release and dhcp decline on untrusted ports against the dhcp bindings.
    Here is why;
    h1---------SW1-------dhcp server
                   |
                 h2
    Let's say we don't have dhcp snooping in the above attack and h2 is a legitimate user that has already been assigned ip address 199.199.199.2 by the dhcp server. Thus the dhcp server has an entry:
    199.199.199.2 mac2
    Next we connect the rogue user and it gets ip address 199.199.199.1; now the dhcp server has entries:
    199.199.199.1   mac1
    199.199.199.2   mac2
    Now using hacking tools, h1 creates a fake dhcp release message with 199.199.199.2   mac2
    The dhcp server upon receiving this message will release the ip address and return it to the pool.
    By using DHCP snooping, the switch will peer inside the dhcp release message and check it against the binding. If there is a conflict, it will drop the message.
    For e.g.
    If we have dhcp snooping configured, then the switch will have a dhcp binding as:
    199.199.199.1    mac1    vlan 1   f1/1  lease time
    199.199.199.2     mac2    vlan 2    f1/2 lease time.
    If h1 tries to send a fake dhcp release with ip address 199.199.199.2    mac2
    The switch will check ip address 199.199.199.2 and mac2 against the binding related to f1/1. The switch will find a conflict and therefore drops the dhcp release packet.
    Thanks
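    The per-port binding check discussed in this thread, as an added simulation (not Cisco code and not posted by either participant): DHCP RELEASE/DECLINE from an untrusted port is forwarded only when its ip/mac pair matches a binding on that same port, server-side messages are refused on untrusted ports, and IP Source Guard in ip+mac mode drops ordinary traffic that is not bound to the port. Port names, VLANs and the "mac1"/"mac2" labels are constructed to mirror the example above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """One DHCP snooping binding: ip, mac, vlan and the ingress port it was learned on."""
    ip: str
    mac: str
    vlan: int
    port: str


# Message types that only a DHCP server sends; never accepted from an untrusted port
SERVER_MSGS = {"OFFER", "ACK", "NAK"}
# Client messages that are validated against the binding table on untrusted ports
VALIDATED_CLIENT_MSGS = {"RELEASE", "DECLINE"}


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}  # port -> set of Binding learned on that port

    def learn(self, binding):
        # Populated when the switch sees the DHCPACK completing a lease on that port
        self.bindings.setdefault(binding.port, set()).add(binding)

    def _bound(self, port, ip, mac):
        return any(b.ip == ip and b.mac == mac for b in self.bindings.get(port, ()))

    def filter_dhcp(self, port, msg_type, ip, mac):
        """DHCP snooping decision: True = forward, False = drop."""
        if port in self.trusted:
            return True
        if msg_type in SERVER_MSGS:
            return False
        if msg_type in VALIDATED_CLIENT_MSGS:
            # A release/decline for another port's lease is a conflict and is dropped
            return self._bound(port, ip, mac)
        # DISCOVER/REQUEST are forwarded regardless of mac, which is exactly the
        # gap the question raises: snooping alone does not stop scope exhaustion
        return True

    def filter_ip(self, port, src_ip, src_mac):
        """IP Source Guard (ip+mac mode): only bound pairs may send from an untrusted port."""
        if port in self.trusted:
            return True
        return self._bound(port, src_ip, src_mac)
```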
