Unable to get IP from Router using dhcp snooping

Answered Question
Jan 14th, 2010

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 1 week ago

mahesh18 wrote:

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Mahesh

See this doc for details -

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259

You need to configure the router port as trusted ie. "ip dhcp snooping trust" and the other ports with clients as untrusted ie. "no ip dhcp snooping trust"

Jon

Correct Answer by Jon Marshall about 7 years 1 week ago

mahesh18 wrote:

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

Mahesh

Did you configure the port that the router connects to as a trusted port ?

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Thu, 01/14/2010 - 10:34

mahesh18 wrote:

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

Mahesh

Did you configure the port that the router connects to as a trusted port ?

Jon

mahesh18 Thu, 01/14/2010 - 10:46

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Correct Answer
Jon Marshall Thu, 01/14/2010 - 10:50

mahesh18 wrote:

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Mahesh

See this doc for details -

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259

You need to configure the router port as trusted ie. "ip dhcp snooping trust" and the other ports with clients as untrusted ie. "no ip dhcp snooping trust"

Jon

mahesh18 Thu, 01/14/2010 - 10:59

Hi john

now i did config under switch

ip dhcp snooping vlan 1
ip dhcp snooping information option allow-untrusted

and after this i did release and renew ip from laptop.

then my pc was able to get ip from dhcp server which is router.

also under my router there is no option for

ip dhcp snooping ?

thanks

mahesh

mahesh18 Thu, 01/14/2010 - 11:04

Hi john

when i do

2950T#            sh ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------

it does not show any port under it?

do you know why is it like this

thanks

mahesh

mahesh18 Thu, 01/14/2010 - 11:17

hi john

thanks again

i did this now

under switch config

ip dhcp snooping vlan 1

and port that connects this switch to router

interface GigabitEthernet0/2
description Wan connection to Router
ip dhcp snooping trust

after this config i did ip release and renew and my pc was able to get the ip from dhcp server.

i did not config router lan interface as trusted one? is this ok

many thanks

mahesh

Actions

This Discussion