DHCP snooping conflicting with PXE boot process

Unanswered Question
Jun 21st, 2007

I'm enabling DHCP snooping on a 4506 running 12.2(25)EWA4

Snooping appears to be working, the binding table is propagated, and clients can receive IP addresses via DHCP. Rogue DHCP packets are blocked as designed.

However, the client PXE boot process fails.

Any ideas as to why?

jwbarrett Thu, 06/21/2007 - 07:07

I had the same problem once. The PXE boot process would time out before the switchport went to forwarding status. Make sure that you have spanning-tree portfast enabled on the switchport.

770801tvdhaar Tue, 04/29/2008 - 07:09

Did you solve this? I'm having the same problem, except I have this problem with a 2950 and a 3560, and I'm starting to think there could be an issue with the IOS versions.

Let me know if you have any ideas, I've tried trusting the port too!

//tyrone

770801tvdhaar Wed, 04/30/2008 - 02:05

I have now solved this myself!

"ip dhcp relay information trust" on the vlan interface

//tyrone

andrew.butterworth Wed, 04/30/2008 - 03:02

Which VLAN interface? The Layer-3 SVI on the 3560? I have just read the documentation on this command and it looks like some DHCP packets are dropped because the gateway address is set to all zeros. I have monitored a PXE boot before and the PXE client sends a 2nd DHCP request (unicast) to the PXE server; I assume it is these packets that are being dropped?

Andy
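An added diagnostic example, not part of any post in this thread: it parses a DHCP payload taken from a capture and reports whether the relay agent information option (option 82) is present while the gateway address (giaddr) is all zeros. That this combination is what the relay information check discards is an assumption based on the command documentation referred to above; `build_sample` and its packet contents are constructed for the demo.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255

def parse_bootp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP message (the UDP payload) into giaddr and options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or bad magic cookie)")
    giaddr = ipaddress.IPv4Address(payload[24:28])  # giaddr sits at offset 24
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return {"giaddr": giaddr, "options": options}

def relay_check_risk(payload: bytes) -> bool:
    """True when option 82 is present and giaddr is 0.0.0.0 (assumed drop case)."""
    msg = parse_bootp(payload)
    return OPT_RELAY_INFO in msg["options"] and int(msg["giaddr"]) == 0

def build_sample(giaddr: str, with_opt82: bool) -> bytes:
    """Constructed DHCPDISCOVER for the demo (not a capture from the thread)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0,
                      0x8000, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      ipaddress.IPv4Address(giaddr).packed,
                      bytes.fromhex("001122334455"), b"", b"")
    opts = b"\x35\x01\x01" + b"\x3c\x09PXEClient"  # message type, vendor class
    if with_opt82:
        opts += b"\x52\x06" + b"\x01\x04\x00\x01\x00\x05"  # constructed circuit-id
    return hdr + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    for gi, o82 in (("0.0.0.0", True), ("0.0.0.0", False), ("10.0.0.1", True)):
        print(gi, "option82" if o82 else "no-option82",
              "->", relay_check_risk(build_sample(gi, o82)))
```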

jason.henderson Wed, 09/03/2008 - 06:16

I can't apply that command whilst DHCP snooping is enabled - see below:

DHCP Snooping Configuration Restrictions

When configuring DHCP snooping, note these restrictions:

• The DHCP snooping database stores at least 8,000 bindings.

• When DHCP snooping is enabled, these Cisco IOS DHCP commands are not available on the switch:

  - ip dhcp relay information check global configuration command
  - ip dhcp relay information policy global configuration command
  - ip dhcp relay information trust-all global configuration command
  - ip dhcp relay information option global configuration command
  - ip dhcp relay information trusted interface configuration command

If you enter these commands, the switch returns an error message, and the configuration is not applied.

Any ideas? It looks to me as if PXE can't work if you've got DHCP snooping enabled.

Thanks,

Jason Henderson.

770801tvdhaar Wed, 09/03/2008 - 06:45

Where are you trying to enter these commands? You have to enter them on the SVI interface!

Tyrone

jason.henderson Wed, 09/03/2008 - 06:50

It's the SVI interface I'm entering the command on -

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan1
Switch(config-if)#ip dhcp relay info trust
Can't configure relay information option processing while DHCP snooping is enabled
Switch(config-if)#^Z
Switch#

Thanks,

Jason.

This Discussion

Posted June 21, 2007 at 6:35 AM