09-18-2009 09:54 AM - edited 03-06-2019 07:47 AM
Dear all,
I run DHCP snooping & DAI.
Typically all leases from the external server are noted and added to the binding table. However, recently I have noticed that after the lease was increased, some entries just assigned were no longer present within the lease period.
For example, if my lease is 48 hrs, entries were not present after 8 hrs... no NAK or release messages were logged. As a result, DAI did what it is supposed to do.
Platform is 4510, 12.2(31) SGA8 release notes were parsed for bugs, none found.
Any thoughts?
TIA
Sam
09-18-2009 11:19 AM
Hi Sam,
An interesting issue. Personally, I would start by looking carefully at the show ip dhcp binding output and having a look whether the recorded leases have the proper lease time indicated. If not then it would be worth trying to sniff the DHCPACK messages to see what timeouts they contain and in what relationship they are in comparison with the DHCP snooping database.
An entry in the DHCP snooping database will be removed if the associated port goes down. Also, while I am not completely sure about it I suspect that other connectivity changes could also account for flushing an entry - 802.1X authentication failure, STP role/state change on a port or similar. That would be my second guess - to check whether there are events similar to these that could potentially cause the DHCP snooping entries to be flushed. Note that Windows in particular tend to ignore short connectivity issues and they often do not renew their DHCP lease after an intermittent connectivity problem.
If debugging is possible for you, I would also have a look for the output of the debug ip dhcp snooping event command (and the related debugs) to see if any reason for flushing an entry from the snooping database is indicated.
Best regards,
Peter
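Added example, not part of any post in this thread: one way to find bindings that left the snooping table while their lease was still running is to diff two saved snapshots of the table. It assumes the column layout of `show ip dhcp snooping binding` output; the function names and the sample rows are constructed for illustration.

```python
import re

# One binding row: MAC, IP, remaining lease (sec), type, VLAN, interface.
ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<lease>\d+|infinite)\s+"
    r"(?P<type>\S+)\s+(?P<vlan>\d+)\s+(?P<intf>\S+)$"
)

def parse_bindings(text):
    """Return {(mac, vlan): row} for every binding row; headers are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["mac"] = row["mac"].lower()
            # Static entries show "infinite"; represent that as None.
            row["lease"] = None if row["lease"] == "infinite" else int(row["lease"])
            table[(row["mac"], row["vlan"])] = row
    return table

def dropped_early(before, after, elapsed_sec):
    """Rows in `before` but not `after` whose lease exceeded the elapsed time."""
    old, new = parse_bindings(before), parse_bindings(after)
    gone = [r for k, r in old.items()
            if k not in new and (r["lease"] is None or r["lease"] > elapsed_sec)]
    return sorted(gone, key=lambda r: r["ip"])

# Constructed snapshots taken 8 hours apart (not data from the thread).
SNAP_T0 = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ------------------
00:11:22:33:44:01   10.0.10.21       172000      dhcp-snooping   10    GigabitEthernet2/1
00:11:22:33:44:02   10.0.10.22       20000       dhcp-snooping   10    GigabitEthernet2/2
00:11:22:33:44:03   10.0.10.23       150000      dhcp-snooping   10    GigabitEthernet2/3
Total number of bindings: 3
"""
SNAP_T8H = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ------------------
00:11:22:33:44:03   10.0.10.23       121200      dhcp-snooping   10    GigabitEthernet2/3
Total number of bindings: 1
"""

if __name__ == "__main__":
    for r in dropped_early(SNAP_T0, SNAP_T8H, elapsed_sec=8 * 3600):
        print(r["mac"], r["ip"], "vlan", r["vlan"], r["intf"],
              "lease at first snapshot:", r["lease"])
```

The entry with 20000 seconds left is not reported because it could have expired normally within the 8 hours; only the binding that vanished with lease time remaining is flagged, and its interface is the place to look for the events mentioned above.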
09-18-2009 11:55 AM
Thanks, Peter!
I quickly tested whether the snooping database is cleared if a port goes down, and I am afraid it is not. The logged lease just keeps decreasing as normal (bearing in mind I am using PVLANs).
I will definitely debug and use a sniffer.
Sam
09-18-2009 12:01 PM
Hello Sam,
Hmm... I'm home right now but I will be in a lab tomorrow so I will also give it a try.
Best regards,
Peter