PVLAN w/ DHCP snooping

jdevoll
Level 1

I am trying to get DHCP snooping working with private VLANs...so far no luck.

VLAN 2 is the primary VLAN, VLAN 50 is a secondary isolated, and VLAN 51 is a secondary community. When DHCP snooping is enabled I cannot get a DHCP address. When it is disabled everything seems to work fine.

Please see the attached config and debug output. Any pointers would be greatly appreciated.

00:07:22: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/10)

00:07:22: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/10, MAC da: ffff.ffff.ffff, MAC sa: 000e.7b5e.3ef0, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 000e.7b5e.3ef0

00:07:22: DHCP_SNOOPING_SW: the packet's incoming vlan (51) is secondary, it will be bridged on the primary vlan (2).

00:07:22: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (2)

00:07:22: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan2.

00:07:25: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/10 for pak. Was Vl2

00:07:25: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl2 for pak. Was Fa0/10

00:07:25: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/10 for pak. Was Vl2

Switch#show ip dhcp snooping stat

Packets Forwarded = 11

Packets Dropped = 0

Packets Dropped From untrusted ports = 0

Thank you.

Accepted Solutions

ebreniz
Level 6

You must enable DHCP snooping separately on the primary and secondary (isolated or community) private VLANs (PVLANs). The DHCP-snooping binding table contains binding information about the primary VLAN only and not the secondary VLANs. If you enable DHCP snooping on a PVLAN and not on the secondary VLAN, the DHCP-snooping binding table entries are not added, even though the packet is seen on the PVLAN.

For more information, please click the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/dhcp.html#wp1104223
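A way to check a switch configuration for the gap described in the answer above, as an added example that is not part of the original thread: it reports every private-VLAN primary or secondary VLAN that is missing from the DHCP snooping VLAN list. It assumes Catalyst IOS-style syntax (`ip dhcp snooping vlan`, `private-vlan association`); the sample configs are constructed from the VLAN IDs in the question and are not the poster's attachment.

```python
import re

def expand(spec):
    """Expand an IOS VLAN list such as '2,50-51' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_pvlan_snooping(config):
    """Return (snooping_globally_on, {primary: [PVLAN members not snooped]})."""
    globally_on, snooped, pvlans, current = False, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():   # top-level line: enter or leave a vlan block
            m = re.fullmatch(r"vlan (\d+)", line)
            current = int(m.group(1)) if m else None
        if line == "ip dhcp snooping":
            globally_on = True
        elif line.startswith("ip dhcp snooping vlan "):
            snooped |= expand(line[len("ip dhcp snooping vlan "):])
        elif current is not None and line == "private-vlan primary":
            pvlans.setdefault(current, set())
        elif current is not None and line.startswith("private-vlan association "):
            spec = line[len("private-vlan association "):]
            pvlans.setdefault(current, set()).update(expand(spec))
    missing = {}
    for primary, secondaries in pvlans.items():
        gap = sorted(({primary} | secondaries) - snooped)
        if gap:
            missing[primary] = gap
    return globally_on, missing

# Constructed sample configs (assumption: not taken from the poster's attachment).
PVLAN_BLOCK = """\
vlan 2
 private-vlan primary
 private-vlan association 50-51
vlan 50
 private-vlan isolated
vlan 51
 private-vlan community
"""
PRIMARY_ONLY = "ip dhcp snooping\nip dhcp snooping vlan 2\n" + PVLAN_BLOCK
ALL_MEMBERS = "ip dhcp snooping\nip dhcp snooping vlan 2,50-51\n" + PVLAN_BLOCK

if __name__ == "__main__":
    for name, cfg in (("primary only", PRIMARY_ONLY), ("all members", ALL_MEMBERS)):
        print(name, audit_pvlan_snooping(cfg))
```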
