08-28-2008 11:33 AM - edited 03-06-2019 01:03 AM
Looked over the documentation and most of the DHCP snooping posts here, but have yet to see a scenario such as the one that I'm getting ready to roll out… wanna get it correct the 1st time.
Here's what it looks like…
• Hub / Spoke topology
• Hub and Spoke tied together w/ Gigaman and EIGRP (not extending VLANs over WAN)
• Gigaman is hooked into a 6500 at the hub location w/ the DHCP servers hanging off of it - directly connected
• Spoke rails will get DHCP from Hub
• DHCP snooping is NOT configured at hub or spoke today
• Want to enable snooping at spoke
spoke-switch (config)# ip dhcp snooping
spoke-switch (config)# ip dhcp snooping vlan x
spoke-switch (config)# ip dhcp snooping information option
spoke-switch (config-if)# ip dhcp snooping trust <-- L2 trunk or DHCP server port
Questions…
1.) I saw a post that mentioned not using the command 'ip dhcp snooping information option' if I use Windows 2003 DHCP server. Is this correct?
2.) Do I need to configure 'ip dhcp snooping trust' over the /30 access port between the HUB and Spoke?
3.) Do I need to configure anything related to DHCP snooping at the hub? I will be dragging this Gigaman WAN connection into a 6500 - the same 6500 that the DHCP server is connected to.
Thank You,
scott
08-28-2008 04:35 PM
1. That is correct. Use 'no ip dhcp snooping information option'.
2. I don't believe this is true, but I am not 100% positive. You can always configure it and leave it there, since it doesn't matter. All the trust command really does is say 'my DHCP server is upstream from this port, so trust all DHCP packets seen'.
3. Not necessarily. Only if you have end users on your 6500 and you want to have the protection from rogue DHCP servers, or if you are using other security features that rely on DHCP Snooping.
08-28-2008 05:08 PM
2) Any uplink, trunk or connection between switches must be configured as DHCP snooping trust
on both sides; in your case, the hub and spoke ports.
3) In the hub you just need to make the port connected to the spoke trusted, and the port connected to the DHCP trusted too.
good luck
please, if helpful Rate
09-02-2008 06:46 AM
Jason/Marwan, thank you for the feedback!
Marwan, do I assume I need to configure the dhcp snooping global commands at the hub location if I'm going to use the trust command on the DHCP server port? Is that correct?
Thank you!
scott
09-02-2008 04:29 PM
You need to enable it for sure on the hub site as well,
and trust the DHCP server port
and any uplink switch-to-switch links as well.
good luck:)
09-02-2008 06:33 PM
You really do not need to configure DHCP snooping at the hub/core if you don't want to. You would only need to do so if you had the threat of rogue DHCP servers to deal with that would be present in the core. And you only trust uplinks that go towards the DHCP servers from the edge switches/spoke, not the other way.
09-02-2008 09:19 PM
hi JASON
If he does not enable DHCP snooping on the server side and does it only on the client side,
this technology will be only half done.
The idea of DHCP snooping is to untrust all ports except the DHCP server and uplink connections between switches, to avoid any rogue DHCP server,
so in this case it should be enabled on the hub/server side as well.
thank you
09-04-2008 11:07 AM
If the hub is a data center that does not have any end user hosts, or threats of rogue DHCP servers, then DHCP snooping does not need to be enabled there. If the hub also has clients like workstations, etc., where there is a threat, then by all means use DHCP snooping to mitigate that threat. But to say that DHCP snooping needs to be enabled on every switch in the network to provide protection is false.
Another example is distribution layer switches that provide connectivity to the core for the edge devices. DHCP snooping does not need to be enabled on a distribution switch. The edge switches are doing all work in that case.
06-13-2012 03:20 AM
Hi,
Just bringing this topic up again as I have a similar setup in my network with L3 between the user switch and the distribution/core switch and the real DHCP server hanging off from the core. But I am having an issue where I cannot stop a rogue DHCP server connected to one of the DHCP client VLANs from giving out IP address leases to clients within the same VLAN.
DHCP snooping has been enabled globally with the user VLANs specified in the DHCP snooping. The users on a different VLAN to the one where a rogue DHCP server is connected are able to obtain an IP address lease from the correct 'real' DHCP server with the helper address defined in the L3 interface.
Has anyone come across the same issue and can shed any light on this please?
Many Thanks,
Philip
06-13-2012 06:52 AM
Strange. Are you sure the port where your server is connected is configured as "untrusted"...?
06-13-2012 07:15 AM
Hi,
Yes, the port which the rogue server is connected to is set as untrusted.
Here is the configuration of the port it is connected to:
interface FastEthernet1/0/43
description DHCP Subnet 1
switchport access vlan 11
switchport mode access
switchport port-security maximum 3
switchport port-security aging time 1440
switchport port-security violation restrict
switchport port-security aging type inactivity
no logging event link-status
no snmp trap link-status
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
end
06-13-2012 07:42 AM
Did you try debug commands to see what happens?
For example:
debug ip dhcp snooping events
debug ip dhcp packets
06-13-2012 08:30 AM
Here is the output below.
The rogue dhcp server is on port fa1/0/43 and is sending out dhcpinform packets in the range of 192.168.1.x
There's nothing in the logs showing DHCP snooping stopping the DHCP packets from this port. The first dhcpinform packet you can see is at Jun 08:51:57.756 from the rogue device.
Jun 12 08:51:57.756 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 192.168.1.2, DHCP ciaddr: 192.168.1.2, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:51:57.756 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:51:57.756 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:51:57.756 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:51:57.756 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:51:57.756 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/22)
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM, input interface: Fa1/0/22, MAC da: ffff.ffff.ffff, MAC sa: 4487.fc49.da80, IP da: 255.255.255.255, IP sa: 10.241.68.141, DHCP ciaddr: 10.241.68.141, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 4487.fc49.da80
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x18 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:16.680 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:16.689 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:52:16.689 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Vl11, MAC da: 4487.fc49.da80, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.141, IP sa: 10.241.68.66, DHCP ciaddr: 10.241.68.141, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 10.241.68.129, DHCP chaddr: 4487.fc49.da80
Jun 12 08:52:16.689 UTC: DHCP_SNOOPING: intercepted DHCPACK with no DHCPOPT_LEASE_TIME option field, packet is still forwarded but no snooping binding update is performed.
Jun 12 08:52:16.697 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/22.
Jun 12 08:52:25.958 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:25.958 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:25.958 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:25.958 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Vl11, MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.154, IP sa: 10.241.68.129, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.241.68.154, DHCP siaddr: 10.241.68.66, DHCP giaddr: 10.241.68.129, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/43.
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:25.966 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:25.975 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:52:25.975 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Vl11, MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.154, IP sa: 10.241.68.129, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.241.68.154, DHCP siaddr: 0.0.0.0, DHCP giaddr: 10.241.68.129, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:25.975 UTC: DHCP_SNOOPING: add binding on port FastEthernet1/0/43.
Jun 12 08:52:25.975 UTC: DHCP_SNOOPING: added entry to table (index 90)
Jun 12 08:52:25.975 UTC: DHCP_SNOOPING: dump binding entry: Mac=E4:11:5B:38:02:57 Ip=10.241.68.154 Lease=86400 ld Type=dhcp-snooping Vlan=11 If=FastEthernet1/0/43
Jun 12 08:52:25.975 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/43.
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPRELEASE, input interface: Fa1/0/43, MAC da: 0022.beed.0ec3, MAC sa: e411.5b38.0257, IP da: 10.241.68.66, IP sa: 10.241.68.154, DHCP ciaddr: 10.241.68.154, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING: delete binding from port FastEthernet1/0/43.
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING: dump binding entry: Mac=E4:11:5B:38:02:57 Ip=10.241.68.154 Lease=86392 ld Type=dhcp-snooping Vlan=11 If=FastEthernet1/0/43
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:33.625 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:33.634 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: 0022.BEED.0EC3, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:33.634 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:44.262 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:44.279 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:47.081 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:52:47.081 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Vl11, MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.154, IP sa: 10.241.68.129, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.241.68.154, DHCP siaddr: 10.241.68.66, DHCP giaddr: 10.241.68.129, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:47.081 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/43.
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Vl11, MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.154, IP sa: 10.241.68.129, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.241.68.154, DHCP siaddr: 10.241.68.66, DHCP giaddr: 10.241.68.129, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/43.
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:52.844 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Vl11, MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.154, IP sa: 10.241.68.129, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.241.68.154, DHCP siaddr: 0.0.0.0, DHCP giaddr: 10.241.68.129, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING: add binding on port FastEthernet1/0/43.
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING: added entry to table (index 90)
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING: dump binding entry: Mac=E4:11:5B:38:02:57 Ip=10.241.68.154 Lease=86400 ld Type=dhcp-snooping Vlan=11 If=FastEthernet1/0/43
Jun 12 08:52:52.852 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/43.
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPRELEASE, input interface: Fa1/0/43, MAC da: 0022.beed.0ec3, MAC sa: e411.5b38.0257, IP da: 10.241.68.66, IP sa: 10.241.68.154, DHCP ciaddr: 10.241.68.154, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING: delete binding from port FastEthernet1/0/43.
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING: dump binding entry: Mac=E4:11:5B:38:02:57 Ip=10.241.68.154 Lease=86393 ld Type=dhcp-snooping Vlan=11 If=FastEthernet1/0/43
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: 0022.BEED.0EC3, packet is flooded to ingress VLAN: (11)
Jun 12 08:52:59.420 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:53:07.851 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:53:07.859 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:53:07.859 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:53:07.868 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:53:07.868 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:53:07.868 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:53:07.868 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:53:07.868 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
Jun 12 08:53:10.586 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (Vlan11)
Jun 12 08:53:10.586 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Vl11, MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3, IP da: 10.241.68.154, IP sa: 10.241.68.129, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.241.68.154, DHCP siaddr: 10.241.68.66, DHCP giaddr: 10.241.68.129, DHCP chaddr: e411.5b38.0257
Jun 12 08:53:10.586 UTC: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet1/0/43.
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet1/0/43)
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM, input interface: Fa1/0/43, MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257, IP da: 255.255.255.255, IP sa: 192.168.1.2, DHCP ciaddr: 192.168.1.2, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: e411.5b38.0257
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING: add relay information option.
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F 0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
Jun 12 08:53:16.911 UTC: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan11.
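An added example, not part of the thread: decoding the "binary dump of relay info option" lines in the debug output above, to show what `ip dhcp snooping information option` inserts into each client packet. It assumes the Cisco "vlan-mod-port" circuit-ID layout and a MAC-based remote ID; the function names are hypothetical and the two dumps are copied from the log above.

```python
# Added example: decode the option 82 bytes printed by the snooping debug.
# Assumed layout: circuit ID = type 0, len 4, VLAN(2), module(1), port(1);
#                 remote ID  = type 0, len 6, switch MAC(6).

DUMP_FA43 = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x2F "
             "0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80")
DUMP_FA22 = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x18 "
             "0x2 0x8 0x0 0x6 0x0 0x22 0xBE 0xED 0xE 0x80")


def parse_dump(text):
    """Turn a '0x52 0x12 0x1 ...' debug dump into bytes."""
    return bytes(int(tok, 16) for tok in text.split())


def decode_circuit_id(body):
    """Sub-option 1: which VLAN/module/port the client packet came in on."""
    if len(body) == 6 and body[0] == 0 and body[1] == 4:
        return {
            "vlan": int.from_bytes(body[2:4], "big"),
            "module": body[4],
            # Port index as the switch encodes it. In the thread's dumps it is
            # not the interface number (Fa1/0/43 -> 47, Fa1/0/22 -> 24).
            "port": body[5],
        }
    return {"raw": body.hex()}


def decode_remote_id(body):
    """Sub-option 2: identifies the switch that inserted the option."""
    if len(body) == 8 and body[0] == 0 and body[1] == 6:
        h = body[2:].hex()
        return {"mac": ".".join(h[i:i + 4] for i in range(0, 12, 4))}
    return {"raw": body.hex()}


def decode_option82(raw):
    """Walk the sub-option TLVs of one relay agent information option."""
    if len(raw) < 2 or raw[0] != 82:
        raise ValueError("not a relay agent information option")
    if raw[1] != len(raw) - 2:
        raise ValueError("option length does not match the data")
    result = {}
    pos = 2
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated sub-option header")
        sub, sub_len = raw[pos], raw[pos + 1]
        body = raw[pos + 2:pos + 2 + sub_len]
        if len(body) != sub_len:
            raise ValueError("truncated sub-option body")
        pos += 2 + sub_len
        if sub == 1:
            result["circuit_id"] = decode_circuit_id(body)
        elif sub == 2:
            result["remote_id"] = decode_remote_id(body)
        else:
            result.setdefault("other", {})[sub] = body.hex()
    return result


if __name__ == "__main__":
    for name, dump in (("Fa1/0/43", DUMP_FA43), ("Fa1/0/22", DUMP_FA22)):
        print(name, decode_option82(parse_dump(dump)))
```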
06-13-2012 09:07 AM
There is a DHCP client connected to the port F1/0/43 (we can see DHCP REQUEST packet on it) ....
06-13-2012 09:31 AM
Because this rogue DHCP device is connected to a DHCP client VLAN, it will also act as a client in sending out a DHCP request to the DHCP server, hence the requests you see. The problem I am facing is trying to stop this machine from sending out DHCP requests to users on the same VLAN as itself...
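An added example, not part of the thread: a tally of which interfaces in a `debug ip dhcp snooping` capture source server-role messages (OFFER/ACK/NAK) and which source only client-role ones, the check the last replies make by eye. The function names and `expected_server_paths` are hypothetical; the first five log lines are abridged from the debug output above and the last one is constructed.

```python
import re
from collections import Counter, defaultdict

# DHCP message types that only a server (or relay on its behalf) should send.
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

LINE_RE = re.compile(
    r"process new DHCP packet, message type: (DHCP[A-Z]+), "
    r"input interface: ([^,]+), MAC da: [0-9a-fA-F.]+, MAC sa: ([0-9a-fA-F.]+)"
)

P = "UTC: DHCP_SNOOPING: process new DHCP packet, message type: "

# Abridged from the thread's debug output (address fields after MAC sa trimmed).
THREAD_LOG = "\n".join([
    "Jun 12 08:52:25.958 " + P + "DHCPDISCOVER, input interface: Fa1/0/43, "
    "MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257",
    "Jun 12 08:52:25.966 " + P + "DHCPOFFER, input interface: Vl11, "
    "MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3",
    "Jun 12 08:52:25.966 " + P + "DHCPREQUEST, input interface: Fa1/0/43, "
    "MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257",
    "Jun 12 08:52:25.975 " + P + "DHCPACK, input interface: Vl11, "
    "MAC da: e411.5b38.0257, MAC sa: 0022.beed.0ec3",
    "Jun 12 08:53:16.911 " + P + "DHCPINFORM, input interface: Fa1/0/43, "
    "MAC da: ffff.ffff.ffff, MAC sa: e411.5b38.0257",
])

# Constructed line (not from the thread): a server-role message on an access port.
CONSTRUCTED_LINE = (
    "Jan 01 00:00:00.000 " + P + "DHCPOFFER, input interface: Fa1/0/10, "
    "MAC da: ffff.ffff.ffff, MAC sa: 0200.0000.0001"
)


def roles_by_interface(log_text):
    """Count client-role and server-role DHCP messages per input interface."""
    roles = defaultdict(Counter)
    for msg, ifname, _mac in LINE_RE.findall(log_text):
        roles[ifname]["server" if msg in SERVER_TYPES else "client"] += 1
    return {ifname: dict(counts) for ifname, counts in roles.items()}


def unexpected_server_sources(log_text, expected_server_paths):
    """Return (interface, source MAC, type) for server-role messages seen on
    interfaces where no DHCP server or relay is expected."""
    hits = set()
    for msg, ifname, mac in LINE_RE.findall(log_text):
        if msg in SERVER_TYPES and ifname not in expected_server_paths:
            hits.add((ifname, mac.lower(), msg))
    return sorted(hits)


if __name__ == "__main__":
    print(roles_by_interface(THREAD_LOG))
    print(unexpected_server_sources(THREAD_LOG, {"Vl11"}))
    print(unexpected_server_sources(THREAD_LOG + "\n" + CONSTRUCTED_LINE, {"Vl11"}))
```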