Unable to get IP from Router using dhcp snooping

Answered Question
Jan 14th, 2010

Hi all,


I have a 2650 router acting as DHCP server and I have a 2950 switch.

Config on the router LAN int:


interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto



What I did today is configure DHCP snooping on the 2950T switch:


ip dhcp snooping vlan 1


When I did this on the switch and restarted the PC, it was unable to get the IP from the router DHCP.

When I assigned a static IP to the PC, it worked fine.

When I removed no ip dhcp snooping vlan 1 from the switch config, my PC was able to get the IP address.



650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.


Does anybody know why enabling DHCP snooping caused this issue on my network, that my PC was unable to get an IP from the DHCP server dynamically?

thanks

mahesh

Correct Answer
Jon Marshall Thu, 01/14/2010 - 10:34


Mahesh


Did you configure the port that the router connects to as a trusted port?


Jon

mahesh18 Thu, 01/14/2010 - 10:46

Hi Jon,

I did not configure the router LAN int fa1/0 as a trusted port.

thanks

mahesh

Correct Answer
Jon Marshall Thu, 01/14/2010 - 10:50


Mahesh


See this doc for details -


http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259


You need to configure the router port as trusted, i.e. "ip dhcp snooping trust", and the other ports with clients as untrusted, i.e. "no ip dhcp snooping trust".


Jon
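
An added example, not part of Jon's post or any Cisco code: a simplified Python model of the untrusted-port rule described above, showing why the router's replies never reach the PC until the port facing the router is trusted. The class and function names, the access ports Fa0/5 and Fa0/7 and the client MAC are hypothetical (Gi0/2 is the uplink named later in the thread); option 82 handling, rate limiting and binding checks on client messages are left out.

```python
# Message types only a DHCP server sends; snooping drops them on untrusted ports.
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

class SnoopingSwitch:
    """Simplified model: trust check on server messages plus a binding table."""
    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.client_port = {}   # client MAC -> port its requests arrive on
        self.bindings = {}      # client MAC -> (leased IP, client port)

    def receive(self, port, msg_type, mac, ip=None):
        """Return True if the message is forwarded, False if it is dropped."""
        if msg_type not in SERVER_TYPES:
            self.client_port[mac] = port   # client messages pass on any port
            return True
        if port not in self.trusted:
            return False                   # server message on an untrusted port
        if msg_type == "DHCPACK":
            self.bindings[mac] = (ip, self.client_port.get(mac))
        return True

def lease(switch, client_port, server_port, mac, ip):
    """Run DISCOVER/OFFER/REQUEST/ACK through the switch; return the IP or None."""
    exchange = [(client_port, "DHCPDISCOVER"), (server_port, "DHCPOFFER"),
                (client_port, "DHCPREQUEST"), (server_port, "DHCPACK")]
    for port, msg_type in exchange:
        if not switch.receive(port, msg_type, mac, ip):
            return None                    # the exchange stalls at the first drop
    return ip

def thread_scenarios():
    """Leased IP (or None) for the configurations discussed in the thread."""
    mac, ip = "0000.5e00.5301", "192.168.1.2"   # MAC is constructed
    return {
        "no trusted port": lease(SnoopingSwitch(), "Fa0/5", "Gi0/2", mac, ip),
        "Gi0/2 trusted": lease(SnoopingSwitch(["Gi0/2"]), "Fa0/5", "Gi0/2", mac, ip),
        "server on Fa0/7": lease(SnoopingSwitch(["Gi0/2"]), "Fa0/5", "Fa0/7", mac, ip),
    }

if __name__ == "__main__":
    for name, result in thread_scenarios().items():
        print(f"{name}: {result}")
```

The third scenario is the case the feature exists for: a DHCP server attached to an ordinary access port cannot hand out leases, because its OFFER is dropped at the switch.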

mahesh18 Thu, 01/14/2010 - 10:59

Hi Jon,

Now I configured this on the switch:


ip dhcp snooping vlan 1
ip dhcp snooping information option allow-untrusted


After this I did a release and renew of the IP from the laptop.

Then my PC was able to get an IP from the DHCP server, which is the router.

Also, under my router there is no option for

ip dhcp snooping ?


thanks

mahesh

mahesh18 Thu, 01/14/2010 - 11:04

Hi Jon,

When I do


2950T#            sh ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------

It does not show any port under it?

Do you know why it is like this?

thanks

mahesh
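
An added example, not part of the thread: a Python check that parses "show ip dhcp snooping" output like the capture in the post above and reports the three conditions visible in it (snooping globally disabled, no trusted interface listed, option 82 insertion enabled). The function names and finding codes are hypothetical, and the second capture is constructed.

```python
import re

# Output quoted in the thread (switch prompt removed).
THREAD = """\
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
"""
# Constructed: same switch with snooping on globally and the uplink trusted.
FIXED = (THREAD.replace("is disabled", "is enabled")
         + "GigabitEthernet0/2           yes         unlimited\n")

def parse(text):
    """Turn 'show ip dhcp snooping' text into a dict."""
    s = {"enabled": False, "vlans": [], "option82": False, "ports": {}}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("Switch DHCP snooping is"):
            s["enabled"] = line.endswith("enabled")
        elif "configured on following VLANs" in line:
            section = "vlans"
        elif line.startswith("Insertion of option 82"):
            s["option82"], section = line.endswith("enabled"), None
        elif set(line) <= set("- "):
            section = "ports"  # dashed rule: interface rows follow
        elif section == "vlans":
            s["vlans"] += [v for v in re.split(r"[,\s]+", line) if v]
        elif section == "ports":
            name, trusted, rate = line.split()[:3]
            s["ports"][name] = {"trusted": trusted == "yes", "rate": rate}
    return s

def audit(text):
    """Return (code, advice) pairs for the conditions seen in the thread."""
    s, out = parse(text), []
    if not s["enabled"]:
        out.append(("global-off", "enable snooping globally: ip dhcp snooping"))
    if not any(p["trusted"] for p in s["ports"].values()):
        out.append(("no-trusted-port",
                    "set 'ip dhcp snooping trust' on the port facing the DHCP server"))
    if s["option82"]:
        out.append(("option82", "check the DHCP server accepts option 82 requests"))
    return out
```

Run against the capture from the thread, audit(THREAD) returns all three findings; against the constructed capture with Gi0/2 trusted, only the option 82 reminder remains.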

mahesh18 Thu, 01/14/2010 - 11:17

Hi Jon,

thanks again


I did this now

under the switch config:


ip dhcp snooping vlan 1

and on the port that connects this switch to the router:


interface GigabitEthernet0/2
description Wan connection to Router
ip dhcp snooping trust


After this config I did an IP release and renew, and my PC was able to get the IP from the DHCP server.

I did not configure the router LAN interface as a trusted one. Is this OK?


many thanks

mahesh
