DHCP Snooping not working

2044418Puts
Level 1

Hi,

I'm trying to get DHCP snooping working on a WS-C2960-48TC-S with IOS version 122-50.SE3 (LAN Lite). But for some reason it isn't working at all.

I've globally enabled dhcp snooping using the "ip dhcp snooping" command. I've enabled dhcp snooping on vlan 10. I've made all my access layer ports untrusted, and configured my uplinks as trusted. I've configured the database on flash:/snooping.db. Don't know if this last thing is needed.

Now when I connect a router working as a rogue dhcp server to an untrusted port and I refresh my dhcp on a client PC, the client PC just gets the IP address of the rogue DHCP server....

Config:

ip dhcp snooping vlan 10
ip dhcp snooping database flash:/snooping.db
ip dhcp snooping

interface FastEthernet0/1
 description CLIENTPC
 switchport access vlan 10
 switchport mode access
 storm-control broadcast level bps 10m
 storm-control multicast level bps 10m
 storm-control action trap
 spanning-tree portfast
 spanning-tree guard root
 ip dhcp snooping limit rate 50
!
interface FastEthernet0/2
 description ROGUE DHCP SERVER
 switchport access vlan 10
 switchport mode access
 storm-control broadcast level bps 10m
 storm-control multicast level bps 10m
 storm-control action trap
 spanning-tree portfast
 spanning-tree guard root
 ip dhcp snooping limit rate 50
!
interface GigabitEthernet0/1
 description UPLINK TO REAL DHCPSERVER
 switchport mode trunk
 udld port aggressive
 spanning-tree link-type point-to-point
 ip dhcp snooping trust

HOSTNAME# show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10
DHCP snooping is operational on following VLANs:
10
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-port
   remote-id: 0026.517d.d900 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------
FastEthernet0/1            no         no              50
  Custom circuit-ids:
FastEthernet0/2            no         no              50
  Custom circuit-ids:
GigabitEthernet0/1         yes        yes             unlimited
  Custom circuit-ids:

Any help would be appreciated. Thanks! Is it because of my LAN Lite image?

Accepted Solutions

Peter Paluch
Cisco Employee

Hello,

I am not completely sure but the documentation suggests that the DHCP features are supported on LAN Base image only. Check this page for further details:

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst2960/software/release/12.2_50_se/configuration/guide/swdhcp82.html

Best regards,

Peter
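
An added example, not part of the original thread and not Cisco tooling: a Python audit of `show ip dhcp snooping` output like the one posted in the question. The function names and the `uplinks` set of ports allowed to be trusted are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed from the `show ip dhcp snooping` output in the question.
SAMPLE = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10
DHCP snooping is operational on following VLANs:
10
Interface               Trusted  Allow option  Rate limit (pps)
FastEthernet0/2         no       no            50
GigabitEthernet0/1      yes      yes           unlimited
"""
ROW = re.compile(r"(\S+)\s+(yes|no)\s+(yes|no)\s+(\d+|unlimited)$")

def vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    out = set()
    for lo, _, hi in (p.partition("-") for p in spec.replace(" ", "").split(",") if p):
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(text):
    """Return global state, VLAN sets and the per-port trust table."""
    st = {"enabled": False, "configured": set(), "operational": set(), "ports": {}}
    section = None
    for line in filter(None, map(str.strip, text.splitlines())):
        nxt = None
        if line == "Switch DHCP snooping is enabled":
            st["enabled"] = True
        elif line.endswith("following VLANs:"):
            nxt = "configured" if "configured" in line else "operational"
        elif section and re.fullmatch(r"\d[\d,\- ]*", line):
            st[section] |= vlans(line)
        elif m := ROW.match(line):
            st["ports"][m[1]] = {"trusted": m[2] == "yes", "rate": m[4]}
        section = nxt
    return st

def audit(st, uplinks):
    """`uplinks` (hypothetical input): set of ports that are allowed to be trusted."""
    trusted = {name for name, p in st["ports"].items() if p["trusted"]}
    out = [] if st["enabled"] else ["snooping is globally disabled"]
    out += [f"VLAN {v} configured but not operational"
            for v in sorted(st["configured"] - st["operational"])]
    out += [f"{p} is trusted but is not a known uplink" for p in sorted(trusted - uplinks)]
    out += [f"{p} is an uplink but is not trusted" for p in sorted(uplinks - trusted)]
    return out
```

A clean result only confirms the configured state: the switch in this thread reported exactly this state while the client still took a lease from the rogue server, so a functional test from an untrusted port is still needed.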
