cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1809
Views
0
Helpful
6
Replies

Unable to get IP from Router using dhcp snooping

mahesh18
Level 6
Level 6

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

2 Accepted Solutions

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

mahesh18 wrote:

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

Mahesh

Did you configure the port that the router connects to as a trusted port ?

Jon

View solution in original post

mahesh18 wrote:

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Mahesh

See this doc for details -

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259

You need to configure the router port as trusted ie. "ip dhcp snooping trust" and the other ports with clients as untrusted ie. "no ip dhcp snooping trust"

Jon

View solution in original post

6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

mahesh18 wrote:

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

Mahesh

Did you configure the port that the router connects to as a trusted port ?

Jon

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

mahesh18 wrote:

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Mahesh

See this doc for details -

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259

You need to configure the router port as trusted ie. "ip dhcp snooping trust" and the other ports with clients as untrusted ie. "no ip dhcp snooping trust"

Jon

Hi john

now i did config under switch

ip dhcp snooping vlan 1
ip dhcp snooping information option allow-untrusted

and after this i did release and renew ip from laptop.

then my pc was able to get ip from dhcp server which is router.

also under my router there is no option for

ip dhcp snooping ?

thanks

mahesh

Hi john

when i do

2950T#            sh ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------

it does not show any port under it?

do you know why is it like this

thanks

mahesh

hi john

thanks again

i did this now

under switch config

ip dhcp snooping vlan 1

and port that connects this switch to router

interface GigabitEthernet0/2
description Wan connection to Router
ip dhcp snooping trust

after this config i did ip release and renew and my pc was able to get the ip from dhcp server.

i did not config router lan interface as trusted one? is this ok

many thanks

mahesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: