I configured DHCP snooping on our Catalyst 2950 & 2960 series switches.
The feature has been running for about 2 weeks and everything seems to be working fine, but the "show ip dhcp snooping stat" command shows that a high percentage of the DHCP packets are being dropped by the switches.
An example : Router -> Switch1 -> Switch2 (sw-jeroen2)
The switches connected to the router have the following DHCP snooping configuration.
"ip dhcp snooping vlan 39
no ip dhcp snooping information option
ip dhcp snooping"
All trunk (uplink) ports are configured as trusted ports.
There is no specific DHCP snooping configuration on the router.
I disconnected a host on sw-jeroen2 fa0/1 that already received an IP-address and the binding in the dhcp snooping binding table was made correctly.
At reconnect to the same port the host requests its old IP-address.
I ran a debug on the switch, attachment: debug.txt
The issue :
The switch always seems to drop the first DHCP ACKs from the DHCP server.
"can't find output interface for dhcp reply. the message is dropped"
Why is that? The switch already learned the MAC address on fa0/1 from the DHCP REQUEST. Why does it not forward the DHCP ACK from the server to the client?
The consequence of this is that the first replies from the DHCP server never arrive at the client port.
What can I do about it?
Thanks in advance.