09-04-2007 08:31 PM - edited 03-05-2019 06:16 PM
I am trying to get DHCP snooping working with private VLANs...so far no luck.
VLAN 2 is the primary VLAN, VLAN 50 is a secondary isolated, and VLAN 51 is a secondary community. When DHCP snooping is enabled I cannot get a DHCP address. When it is disabled everything seems to work fine.
Please see the attached config and debug output. Any pointers would be greatly appreciated.
00:07:22: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/10)
00:07:22: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/10, MAC da: ffff.ffff.ffff, MAC sa: 000e.7b5e.3ef0, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 000e.7b5e.3ef0
00:07:22: DHCP_SNOOPING_SW: the packet's incoming vlan (51) is secondary, it will be bridged on the primary vlan (2).
00:07:22: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (2)
00:07:22: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan2.
00:07:25: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/10 for pak. Was Vl2
00:07:25: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl2 for pak. Was Fa0/10
00:07:25: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/10 for pak. Was Vl2
Switch#show ip dhcp snooping stat
Packets Forwarded = 11
Packets Dropped = 0
Packets Dropped From untrusted ports = 0
Thank you.
Solved! Go to Solution.
09-10-2007 02:05 PM
You must enable DHCP snooping separately on the primary and secondary (isolated or community) private VLANs (PVLANs). The DHCP-snooping binding table contains binding information about the primary VLAN only and not the secondary VLANs. If you enable DHCP snooping on a PVLAN and not on the secondary VLAN, the DHCP-snooping binding table entries are not added, even though the packet is seen on the PVLAN.
For more information please click following URL:
09-10-2007 02:05 PM
You must enable DHCP snooping separately on the primary and secondary (isolated or community) private VLANs (PVLANs). The DHCP-snooping binding table contains binding information about the primary VLAN only and not the secondary VLANs. If you enable DHCP snooping on a PVLAN and not on the secondary VLAN, the DHCP-snooping binding table entries are not added, even though the packet is seen on the PVLAN.
For more information please click following URL:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide