
DHCP snooping conflicting with PXE boot process

cwainwright
Level 1

I'm enabling DHCP snooping on a 4506 running 12.2(25)EWA4

Snooping appears to be working, the binding table is propagated, and clients can receive IP addresses via DHCP. Rogue DHCP packets are blocked as designed.

However, the client PXE boot process fails.

Any ideas as to why?

7 Replies

jwbarrett
Level 1

I had the same problem once. The PXE boot process would time out before the switchport went to forwarding status. Make sure that you have spanning-tree portfast enabled on the switchport.

770801tvdhaar
Level 1

Did you solve this? I'm having the same problem, except I have this problem with a 2950 and a 3560, and I'm starting to think there could be an issue with the IOS versions.

Let me know if you have any ideas, I've tried trusting the port too!

//tyrone

I have now solved this myself!

"ip dhcp relay information trust" on the vlan interface

//tyrone

Which VLAN interface? The Layer-3 SVI on the 3560? I have just read the documentation on this command and it looks like some DHCP packets are dropped because the gateway address is set to all zeros. I have monitored a PXE boot before and the PXE client sends a 2nd DHCP request (unicast) to the PXE server; I assume it is these packets that are being dropped?

Andy

I can't apply that command whilst DHCP snooping is enabled - see below:

DHCP Snooping Configuration Restrictions

When configuring DHCP snooping, note these restrictions:

• The DHCP snooping database stores at least 8,000 bindings.

• When DHCP snooping is enabled, these Cisco IOS DHCP commands are not available on the switch:

  - ip dhcp relay information check global configuration command

  - ip dhcp relay information policy global configuration command

  - ip dhcp relay information trust-all global configuration command

  - ip dhcp relay information option global configuration command

  - ip dhcp relay information trusted interface configuration command

If you enter these commands, the switch returns an error message, and the configuration is not applied.

Any ideas? It looks to me as if PXE can't work if you've got DHCP snooping enabled.

Thanks,

Jason Henderson.

Where are you trying to enter these commands? You have to enter them on the SVI interface!

Tyrone

It's the SVI interface I'm entering the command on -

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int vlan1

Switch(config-if)#ip dhcp relay info trust

Can't configure relay information option processing while DHCP snooping is enabled

Switch(config-if)#^Z

Switch#

Thanks,

Jason.
