DHCP snooping binding

Unanswered Question
Sep 18th, 2009

Dear all,


I run DHCP snooping & DAI.

Typically all leases from the external server are noted and added to the binding table. However, recently I have noticed that after the lease was increased, some entries just assigned were no longer present within the lease period.

For example, if my lease is 48 hrs, entries were not present after 8 hrs... no NAK or release messages were logged. As a result, DAI did what it is supposed to do.


Platform is 4510, 12.2(31) SGA8. Release notes were parsed for bugs, none found.


Any thoughts?


TIA


Sam

Peter Paluch (Cisco Employee) Fri, 09/18/2009 - 11:19

Hi Sam,


An interesting issue. Personally, I would start by looking carefully at the show ip dhcp binding output and checking whether the recorded leases have the proper lease time indicated. If not, then it would be worth trying to sniff the DHCPACK messages to see what timeouts they contain and in what relationship they are in comparison with the DHCP snooping database.


An entry in the DHCP snooping database will be removed if the associated port goes down. Also, while I am not completely sure about it, I suspect that other connectivity changes could also account for flushing an entry - 802.1X authentication failure, STP role/state change on a port or similar. That would be my second guess - to check whether there are events similar to these that could potentially cause the DHCP snooping entries to be flushed. Note that Windows in particular tends to ignore short connectivity issues and often does not renew its DHCP lease after an intermittent connectivity problem.


If debugging is possible for you, I would also have a look at the output of the debug ip dhcp snooping event command (and the related debugs) to see if any reason for flushing an entry from the snooping database is indicated.


Best regards,

Peter
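Added example, not part of the thread and not code from either poster: one way to confirm the symptom described above is to capture `show ip dhcp snooping binding` twice and list bindings that disappeared while they still had lease time left. It assumes the usual column layout of that command; the snapshots, addresses and function names are constructed for illustration.

```python
import re

# One data row: MacAddress  IpAddress  Lease(sec)  Type  VLAN  Interface
ROW = re.compile(
    r"^\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s*$"
)

def parse_bindings(text):
    """Return {(mac, vlan): {"ip", "lease", "iface"}}; header/footer lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac, ip, lease, _type, vlan, iface = m.groups()
            table[(mac.lower(), int(vlan))] = {"ip": ip, "lease": int(lease), "iface": iface}
    return table

def vanished_early(before, after, elapsed):
    """Bindings in `before` that had more than `elapsed` seconds of lease left
    but are missing from `after`, i.e. removed before the lease ran out."""
    old, new = parse_bindings(before), parse_bindings(after)
    return sorted(
        (mac, vlan, e["ip"], e["iface"], e["lease"] - elapsed)
        for (mac, vlan), e in old.items()
        if (mac, vlan) not in new and e["lease"] > elapsed
    )

# Constructed sample snapshots, taken 8 hours (28800 s) apart.
SNAP_T0 = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:01   192.0.2.11       172800      dhcp-snooping  10    GigabitEthernet2/1
00:11:22:33:44:02   192.0.2.12       20000       dhcp-snooping  10    GigabitEthernet2/2
00:11:22:33:44:03   192.0.2.13       172000      dhcp-snooping  10    GigabitEthernet2/3
Total number of bindings: 3
"""
SNAP_T1 = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:03   192.0.2.13       143200      dhcp-snooping  10    GigabitEthernet2/3
Total number of bindings: 1
"""

if __name__ == "__main__":
    for mac, vlan, ip, iface, left in vanished_early(SNAP_T0, SNAP_T1, 28800):
        print(f"{mac} vlan {vlan} {ip} on {iface}: gone with {left}s of lease left")
```

The second host in the sample is not reported because its lease would have expired within the interval; only the binding that disappeared with lease time remaining is flagged, which is the case that leads DAI to drop that host's ARP traffic.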


cisco_lad2004 Fri, 09/18/2009 - 11:55

Thanks Peter !


I quickly tested whether the snooping database is cleared if a port goes down, and I am afraid it is not. The logged lease just keeps decreasing as normal (bearing in mind I am using PVLANs).

I will definitely debug and use a sniffer.


Sam




Peter Paluch (Cisco Employee) Fri, 09/18/2009 - 12:01

Hello Sam,


Hmm... I'm home right now but I will be in a lab tomorrow so I will also give it a try.


Best regards,

Peter

