04-25-2009 01:54 PM - edited 03-06-2019 05:23 AM
Hi,
Is there any specification (RFC or otherwise) that describes the behavior of DHCP snooping, especially how it would behave in conjunction with PXE support?
Please take some time to refer to MS PXE support.
http://support.microsoft.com/kb/244036
How is the second DHCP OFFER packet received from the RIS server intended for the same client, handled by a DHCP enabled switch?
Since there is a second DHCP OFFER packet intended for the same client, I am curious to know how this is handled by a DHCP enabled switch.
Thanks
04-26-2009 11:59 PM
Hello Ranil,
This is a very good question.
In a switch without DHCP snooping, to support PXE you need:
- spanning-tree portfast on the port, or the PXE process will time out
- an ip helper-address command for the RIS server on the L3 device, which has to be added to that for the DHCP server

The multiple ip helper-address commands cause the DHCP offer to be translated to all the helper-address unicast destinations.
From the point of view of DHCP snooping, it is important that the port(s) where server-side messages are received are classified as trusted, or they will be discarded.
On a client untrusted port, DHCP snooping performs several checks:
- only client-side messages are accepted
- the client messages can be examined to verify that:
  - DHCP decline and release messages arrive on the ports where the IP addresses had been assigned
  - the source MAC address of the frame and the client-id inside the packet are the same
The idea is to avoid man in the middle and denial of service attacks (scope depletion).
I'm not sure, but probably two DHCP offers arriving on the same client untrusted port could be accepted; if so, DHCP snooping and PXE can coexist.
see
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a00800f0804.shtml#pxe
But initial implementations of DHCP snooping were a problem with PXE:
CSCeh22506
A switch now forwards DHCP-acknowledge packets from a Pre-Boot Execution Environment (PXE) server when IP DHCP snooping is enabled.
see
So you need to verify if your switches are affected by this bug.
Hope to help
Giuseppe
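The checks listed in the reply above can be replayed against the PXE exchange from the question. This is an added example, not part of the original thread and not Cisco's implementation: a simplified model in which all ports share one VLAN, and the port names, MAC addresses and IP address are constructed samples.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}
CLIENT = "00:11:22:33:44:55"  # constructed sample MAC

@dataclass
class DhcpFrame:
    port: str        # ingress switch port (hypothetical names)
    src_mac: str     # Ethernet source MAC
    msg_type: str    # DISCOVER, OFFER, REQUEST, ACK, NAK, DECLINE, RELEASE
    client_hw: str   # client hardware address inside the DHCP payload
    ip: str = ""     # address offered, acknowledged, declined or released

class SnoopingModel:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}  # client MAC -> (ip, client port), learned from ACKs

    def process(self, f, client_port=None):
        """Return (verdict, reason); client_port is where a server ACK is delivered."""
        if f.port in self.trusted:
            if f.msg_type == "ACK" and client_port:
                self.bindings[f.client_hw] = (f.ip, client_port)
            return ("forward", "trusted port")
        if f.msg_type in SERVER_TYPES:
            return ("drop", "server message on untrusted port")
        if f.src_mac != f.client_hw:
            return ("drop", "source MAC differs from client hardware address")
        if f.msg_type in {"DECLINE", "RELEASE"}:
            if self.bindings.get(f.client_hw) != (f.ip, f.port):
                return ("drop", "no binding for this address on this port")
        return ("forward", "client message passed the checks")

def run_pxe_boot(ris_port_trusted):
    """Replay a constructed PXE exchange; Gi0/24 faces the DHCP server, Gi0/2 the RIS server."""
    trusted = {"Gi0/24"} | ({"Gi0/2"} if ris_port_trusted else set())
    sw = SnoopingModel(trusted)
    frames = [
        DhcpFrame("Gi0/1", CLIENT, "DISCOVER", CLIENT),
        DhcpFrame("Gi0/24", "aa:aa:aa:aa:aa:01", "OFFER", CLIENT, "192.0.2.10"),
        DhcpFrame("Gi0/2", "aa:aa:aa:aa:aa:02", "OFFER", CLIENT),  # second offer, from RIS
    ]
    return [sw.process(f) for f in frames]

if __name__ == "__main__":
    for trusted in (True, False):
        print("RIS port trusted:", trusted, run_pxe_boot(trusted))
```

In this model the second OFFER is judged only by the trust state of the port it arrives on, so the RIS server's port has to be trusted just like the DHCP server's.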