DHCP snooping conflicting with PXE boot process

Unanswered Question
Jun 21st, 2007

I'm enabling DHCP snooping on a 4506 running 12.2(25)EWA4.

Snooping appears to be working, the binding table is propagated, and clients can receive IP addresses via DHCP. Rogue DHCP packets are blocked as designed.

However, the client PXE boot process fails.

Any ideas as to why?

jwbarrett Thu, 06/21/2007 - 07:07

I had the same problem once. The PXE boot process would time out before the switchport went to forwarding status. Make sure that you have spanning-tree portfast enabled on the switchport.

770801tvdhaar Tue, 04/29/2008 - 07:09

Did you solve this? I'm having the same problem, except I have this problem with a 2950 and a 3560, and I'm starting to think there could be an issue with the IOS versions.

Let me know if you have any ideas, I've tried trusting the port too!


770801tvdhaar Wed, 04/30/2008 - 02:05

I have now solved this myself!

"ip dhcp relay information trust" on the vlan interface


andrew.butterworth Wed, 04/30/2008 - 03:02

Which VLAN interface? The Layer-3 SVI on the 3560? I have just read the documentation on this command and it looks like some DHCP packets are dropped because the gateway address is set to all zeros. I have monitored a PXE boot before and the PXE client sends a 2nd DHCP request (unicast) to the PXE server, I assume it is these packets that are being dropped?
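
The condition described in the post above (relay information present while the gateway address is all zeros), as an added Python check that is not part of any post in this thread: it parses a DHCP payload and flags that combination. The packets are constructed samples, `relay_verdict` and `build_sample` are illustrative names, and it is an assumption here that the snooping switch is what inserts option 82.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)

def parse_dhcp(payload):
    """Return (giaddr, {option code: value}) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    giaddr = socket.inet_ntoa(payload[24:28])       # gateway (relay) address
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return giaddr, options

def relay_verdict(payload):
    """Flag the condition from the post: option 82 present, giaddr zero."""
    giaddr, options = parse_dhcp(payload)
    if 82 not in options:       # 82 = relay agent information (RFC 3046)
        return "ok: no relay information option"
    if giaddr == "0.0.0.0":
        return "at risk: option 82 present, giaddr all zeros"
    return "ok: option 82 present, giaddr %s" % giaddr

def build_sample(giaddr, options):
    """Constructed test message: zeroed BOOTP header plus the given options."""
    header = bytearray(236)
    header[0:3] = b"\x01\x01\x06"                   # BOOTREQUEST, Ethernet, hlen 6
    header[24:28] = socket.inet_aton(giaddr)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(header) + MAGIC + body + b"\xff"

PXE = [(53, b"\x01"), (60, b"PXEClient")]   # constructed PXE DHCPDISCOVER options
OPT82 = (82, b"\x01\x06\x00\x04\x00\x01\x01\x05")   # constructed circuit-id sub-option
SAMPLES = {"from client": build_sample("0.0.0.0", PXE),
           "after snooping switch": build_sample("0.0.0.0", PXE + [OPT82]),
           "after relay": build_sample("10.0.1.1", PXE + [OPT82])}

for name, pkt in SAMPLES.items():
    print(name, "->", relay_verdict(pkt))
```

Run against the UDP payload of a capture taken on the routed side of the access switch, this shows whether the PXE client's requests arrive carrying option 82 with a zero gateway address.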


jason.henderson Wed, 09/03/2008 - 06:16

I can't apply that command whilst DHCP snooping is enabled - see below;

DHCP Snooping Configuration Restrictions

When configuring DHCP snooping, note these restrictions:

• The DHCP snooping database stores at least 8,000 bindings.

• When DHCP snooping is enabled, these Cisco IOS DHCP commands are not available on the switch:

- ip dhcp relay information check global configuration command

- ip dhcp relay information policy global configuration command

- ip dhcp relay information trust-all global configuration command

- ip dhcp relay information option global configuration command

- ip dhcp relay information trusted interface configuration command

If you enter these commands, the switch returns an error message, and the configuration is not applied.

Any ideas? It looks to me as if PXE can't work if you've got DHCP snooping enabled.


Jason Henderson.

770801tvdhaar Wed, 09/03/2008 - 06:45

Where are you trying to enter these commands? You have to enter them on the SVI interface!


jason.henderson Wed, 09/03/2008 - 06:50

It's the SVI interface I'm entering the command on -

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int vlan1

Switch(config-if)#ip dhcp relay info trust

Can't configure relay information option processing while DHCP snooping is enabled





