06-21-2007 06:35 AM - edited 03-05-2019 04:53 PM
I'm enabling DHCP snooping on a 4506 running 12.2(25)EWA4
Snooping appears to be working, the binding table is propagated, and clients can receive ip addresses via DHCP. Rouge DHCP packets are blocked as designed.
However, the client PXE boot process fails.
Any ideas as to why ?
06-21-2007 07:07 AM
I had the same problem once. The PXE boot process would timeout before the switchport went to forwarding status. Make sure that you have spanning-tree portfast enabled on the switchport.
04-29-2008 07:09 AM
Did you solve this? I'm havÃng the same problem except I have this problem with a 2950 and a 3560 and I'm starting to think there could be an issue with the IOS versions
Let me know if you have any ideas, I've tried trusting the port too!
//tyrone
04-30-2008 02:05 AM
I have now solved this myself!
"ip dhcp relay information trust" on the vlan interface
//tyrone
04-30-2008 03:02 AM
Which VLAN interface? The Layer-3 SVI on the 3560? I have just read the documentation on this command and it looks like some DHCP packets are dropped because the gateway address is set to all zero's. I have monitored a PXE boot before and the PXE client sends a 2nd DHCP request (unicast) to the PXE server, I assume it is these packets that are being dropped?
Andy
09-03-2008 06:16 AM
I can't apply that command whilst DHCP snooping is enabled - see below;
DHCP Snooping Configuration Restrictions
When configuring DHCP snooping, note these restrictions:
â¢The DHCP snooping database stores at least 8,000 bindings.
â¢When DHCP snooping is enabled, these Cisco IOS DHCP commands are not available on the switch:
-ip dhcp relay information check global configuration command
-ip dhcp relay information policy global configuration command
-ip dhcp relay information trust-all global configuration command
-ip dhcp relay information option global configuration command
-ip dhcp relay information trusted interface configuration command
If you enter these commands, the switch returns an error message, and the configuration is not applied.
Any ideas? It looks to me as if PXE can't work if you've got DHCP snooping enabled.
Thanks,
Jason Henderson.
09-03-2008 06:45 AM
where are you trying to enter these commands? you have enter them on the SVI interface!
Tyrone
09-03-2008 06:50 AM
It's the SVI interface i'm entering the command on -
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan1
Switch(config-if)#ip dhcp relay info trust
Can't configure relay information option processing while DHCP snooping is enabled
Switch(config-if)#^Z
Switch#
Thanks,
Jason.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide