01-17-2008 11:03 AM - edited 03-05-2019 08:32 PM
Hi,
I activated dhcp snooping on my test envirament (C3550 Software C3550-I9Q3L2-M), Version 12.1(20)EA1a, RELEASE SOFTWARE (fc1)
The first IP request coming from a desktop was successful. It got a valid ip. The release worked also fine.
The new ip request and the all other failed.
Here is the debug log (I included my comments)
'Ipconfig /renew
001483: *Mar 10 01:14:38: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)
001484: *Mar 10 01:14:38: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST
001485: *Mar 10 01:14:38: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
001486: *Mar 10 01:14:38: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet0/1.
001487: *Mar 10 01:14:38: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/1)
001488: *Mar 10 01:14:38: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK
001489: *Mar 10 01:14:38: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet0/9.
'the desktop successfully got IP
'ipconfig /release
001490: *Mar 10 01:15:00: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/
001491: *Mar 10 01:15:00: DHCP_SNOOPING: process new DHCP packet, message type: DHCPRELEASE
001492: *Mar 10 01:15:00: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
001493: *Mar 10 01:15:00: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet0/1.
'succesfully ip release
'ipconfig /renew
001494: *Mar 10 01:15:05: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)
001495: *Mar 10 01:15:05: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER
001496: *Mar 10 01:15:05: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
001497: *Mar 10 01:15:05: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)
001498: *Mar 10 01:15:09: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)
001499: *Mar 10 01:15:09: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER
001500: *Mar 10 01:15:09: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
001501: *Mar 10 01:15:09: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN
Thanks for help.
Csaba
01-18-2008 06:09 AM
the switch is running really old code. I'd suggest upgrading to at least 12.2(25)SE.
May be a bug with dhcp snooping.
01-18-2008 09:18 AM
Karundi thanks for your message.
I upgraded the IOS to 12.2(25)SEB4, but no progress. The issue persist.
Here is the log
00:08:13: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)
00:08:13: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/2, MAC da: ffff.ffff.ffff, Msa: 0015.c54f.73f5, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, Dgiaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5
00:08:13: DHCP_SNOOPING: add relay information option.
00:08:13: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
00:08:13: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80
00:08:13: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (30)
00:08:13: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/1.
00:08:13: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.
00:08:29: DHCPSN: DHCP packet being sent to PI snooping process
00:08:29: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)
.......................................................
Switch#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
30
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface Trusted Rate limit (pps)
------------------------ ------- ----------------
FastEthernet0/1 yes unlimited
FastEthernet0/3 yes unlimited
01-18-2008 10:52 AM
the message "packet is flooded to ingress vlan" means that the dhcp discover frame is forwarded out faethernet 0/1 and fa0/3.
Can you confirm that your dhcp server or dhcp relay agent which should be connected to either fa0/1 or fa0/3 got the frame ?
01-18-2008 11:13 AM
Can you first try disabling Option 82 insertion
(global mode)
no ip dhcp snooping information option
see if it works now ...
01-18-2008 01:06 PM
Unless your DHCP server understand the Option 82 stuff you need to disable it. Windows 2000/2003 DHCP Server doesn't work with option 82 enabled
HTH
Andy
01-21-2008 03:01 AM
Hi,
I disabled the option 82 end it solved the problem. My dhcp server is Windows 2000.
I tested a Windows 2008 dhcp server and it seems that it supports this option.
Here is the logs.
'ipconfig /release
02:17:56: DHCPSN: DHCP packet being sent to PI snooping process
02:17:56: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)
02:17:56: DHCP_SNOOPING: process new DHCP packet, message type: DHCPRELEASE, input interface: Fa0/2, MAC da: 0012.3f4d.f3d3, MAC s
a: 0015.c54f.73f5, IP da: 10.18.16.2, IP sa: 10.18.16.90, DHCP ciaddr: 10.18.16.90, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DH
CP giaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5
02:17:56: DHCP_SNOOPING: add relay information option.
02:17:56: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
02:17:56: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80
02:17:56: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.
'ipconfig /renew
02:18:43: DHCPSN: DHCP packet being sent to PI snooping process
02:18:43: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)
02:18:43: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/2, MAC da: ffff.ffff.ffff, MAC
sa: 0015.c54f.73f5, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP
giaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5
02:18:43: DHCP_SNOOPING: add relay information option.
02:18:43: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
02:18:43: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80
02:18:43: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (30)
02:18:43: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.
02:18:44: DHCPSN: DHCP packet being sent to PI snooping process
02:18:44: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/3)
02:18:44: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Fa0/3, MAC da: ffff.ffff.ffff, MAC sa:
0012.3f4d.f3d3, IP da: 255.255.255.255, IP sa: 10.18.16.2, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.18.16.90, DHCP siaddr: 10.18.16.
2, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5
02:18:44: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet0/2.
............
Thank you for all who replayed to my post.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: