problem with enabling dhcp snooping on 1 vlan

Unanswered Question
Nov 25th, 2011
hi all,


I got some problem with enabling dhcp snooping on 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin)

the topology is as below:

dhcp snooping enabled only on CORE (with interface trusted to dhcp server)


[Image: snooping.jpg]


the problem is that I put these 2 commands

ip dhcp snooping

ip dhcp snooping vlan 1


but it is not enabled on any vlan



SW-CORE#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 1cdf.0ffe.1600 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------
GigabitEthernet6/48        yes        yes             unlimited
Custom circuit-ids:



On B1 if I turn it on there is a "1" in the section "DHCP snooping is configured on following VLANs:" but on core no.


As you can see I did put the trusted on the interface in the direction to the dhcp.


First I thought it can be a problem with option 82, I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.

Right now I have no access to the devices so deep troubleshooting is limited so any raw suggestions?


regards



Przemek

Reza Sharifi Fri, 11/25/2011 - 17:31

Hi,


In addition to configuring it under the interface, you also need to enable it globally.


Have a look at this example:


Switch(config)#ip dhcp snooping vlan 1
Switch(config)#do sh ip dh snoo
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-port
   remote-id: 001b.5400.3380 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------
GigabitEthernet1/0/1       yes        yes             unlimited
  Custom circuit-ids:
Switch(config)#


HTH

Przemyslaw Konitz Fri, 11/25/2011 - 22:44

hi,

thx for reply,


I wasn't clear enough - I know that it must be enabled and I did put these 2 commands globally in the first place, but still I got none in the place where vlans are mentioned. Show run indicated that it is enabled globally and in the vlan, but show ip dhcp snooping as pasted previously.


I tried it on 2960 (B1) and it's ok (right now it's disabled if that matters), the problem is only with 4500 what is really frustrating.


I forgot to add that somehow dhcp snooping was working as expected that when I change the interface to which the B2 switch is connected (the one with dhcp server) to the untrusted, the station couldn't get the IP address. So it seems that only binding table is not being built and that it shows it is enabled on none vlans.

Binding table is essential here cause I want to use DAI so please help


regards

Przemek

Przemyslaw Konitz Sat, 11/26/2011 - 13:17

ok it's working


after disabling it and enabling in the same manner it started to work. Don't know why it didn't in the first place.


regards
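
An added example, not part of the original thread: a small Python check for the mismatch discussed above, where `ip dhcp snooping vlan 1` has been entered but `show ip dhcp snooping` lists no VLANs as configured or operational. The sample text is constructed from the output pasted in the thread; the function names and the handling of VLAN ranges such as `10-12` are assumptions.

```python
import re

# Constructed sample, trimmed from the SW-CORE output pasted in the thread.
SAMPLE_CORE = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
Interface                  Trusted    Allow option    Rate limit (pps)
---------------------    -------    ------------    ----------------
GigabitEthernet6/48 yes        yes             unlimited
"""

def expand_vlans(text):
    """Turn 'none', '1' or '1,10-12' into a set of VLAN ids (range form is an assumption)."""
    ids = set()
    for part in text.split(","):
        part = part.strip()
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_snooping(output):
    """Parse `show ip dhcp snooping` text; blank lines between rows are ignored."""
    lines = [l.strip() for l in output.splitlines() if l.strip()]
    state = {"enabled": False, "configured": set(), "operational": set(), "trusted": []}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line == "Switch DHCP snooping is enabled":
            state["enabled"] = True
        m = re.match(r"DHCP snooping is (configured|operational) on following VLANs:", line)
        if m and re.fullmatch(r"none|[\d,\s-]+", nxt):
            state[m.group(1)] = expand_vlans(nxt)
        row = re.match(r"(\S+)\s+(yes|no)\s+(yes|no)\s+(\S+)$", line)
        if row and row.group(2) == "yes":
            state["trusted"].append(row.group(1))
    return state

def audit(output, expected_vlans):
    """Return findings for VLANs that should be snooped (and later used by DAI)."""
    s, want, findings = parse_snooping(output), set(expected_vlans), []
    if not s["enabled"]:
        findings.append("DHCP snooping is not enabled globally")
    findings += [f"VLAN {v}: not listed as configured" for v in sorted(want - s["configured"])]
    findings += [f"VLAN {v}: not operational" for v in sorted(want - s["operational"])]
    if not s["trusted"]:
        findings.append("no trusted interface found")
    return findings
```

Calling `audit(SAMPLE_CORE, [1])` reports VLAN 1 as neither configured nor operational, which is the state the core switch showed before snooping was disabled and re-enabled.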
