DHCP Snooping not enabled for all Vlan.

Unanswered Question
Jan 20th, 2014
User Badges:

Hi


We have enabled dhcp snooping for all vlan configured on the switch, but only few vlan show up as operational. Please clarify.


Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Version 12.2(53)SG8, RELEASE


ip dhcp snooping vlan 30,100-119,300-349,400-449,600,700,710,996-997


Switch#sh ip dhcp snooping

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

30,100-119,300-349,400-449,600,700,710,996-997

DHCP snooping is operational on following VLANs:

30,108,308,600,700,710,996-997

DHCP snooping is configured on the following L3 Interfaces:


Insertion of option 82 is disabled

   circuit-id default format: vlan-mod-port

   remote-id: 0026.9914.8a80 (MAC)

Option 82 on untrusted port is not allowed

Verification of hwaddr field is enabled

Verification of giaddr field is enabled

DHCP snooping trust/rate is configured on the following Interfaces:


Interface                  Trusted    Allow option    Rate limit (pps)

-----------------------    -------    ------------    ----------------  

TenGigabitEthernet5/1      yes        yes             unlimited

  Custom circuit-ids:

TenGigabitEthernet5/2      yes        yes             unlimited

  Custom circuit-ids:

Port-channel1              yes        yes             unlimited

  Custom circuit-ids:

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jeff Van Houten Mon, 01/20/2014 - 21:08
User Badges:
  • Silver, 250 points or more

Is there an active port on that switch for the non-operational snooping Vlans?

Sent from Cisco Technical Support iPad App

devils_advocate Tue, 01/21/2014 - 06:56
User Badges:
  • Gold, 750 points or more
  • Community Spotlight Award,

    Small Business, November 2015

Initially I thought the same as Jeff in that you needed ports in the Vlans before they became operational for DHCP snooping but a quick test on a 3750x I have here disproved that.


The only way I could replicate your scenario was to enable DHCP snooping for non existant Vlans.


For example, enabling DHCP snooping for Vlans 10-20 would show:


Switch#sh ip dhcp snooping

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

10-20

DHCP snooping is operational on following VLANs:

10-20


But ONLY if Vlans 10-20 existed as L2 vlans.

If I deleted Vlan 19, I see the following:


Switch#sh ip dhcp snooping

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

10-20

DHCP snooping is operational on following VLANs:

10-18,20



I suspect you have enabled DHCP snooping for L2 Vlans which do not actually exist in the Vlan database on that switch??

Actions

This Discussion