Catalyst 2960 - ip DHCP snooping VLAN

Ritter Rs
Level 1

Hello to everyone,

I have an issue with DHCP snooping on a Catalyst 2960.

I added some vlans:

ip dhcp snooping vlan 2,400,401,402,403

But it doesn't work.

All details:

Version

Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)

Configuration before:

SW13#sh ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------

SW13#sh ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address

#List of VLANs

SW13#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/17, Gi0/2
2    GUEST                            active
8    W-Int                            active
24   CONSOLES                         active
64   Inside                           active
100  WAN                              active
128  Mgm                              active
224  DMZ                              active
230  VoIP                             active    Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
.
.
.
400  FLOOR-0                          active    Fa0/6, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/13, Fa0/15, Fa0/16, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24
401  FLOOR-1                          active
402  FLOOR-2                          active
403  FLOOR-3                          active    Fa0/14
.
.
.

Then I've made DHCP snooping config:

Enter configuration commands, one per line.  End with CNTL/Z.
SW13(config)#ip dhcp snooping
SW13(config)#ip dhcp snooping vlan 2,400,401,402,403
SW13(config)#no ip dhcp snooping information option
SW13(config)#int gi 0/1
SW13(config-if)#ip dhcp snooping trust

# Gi0/1 is trunk

After config I've gotten this

SW13#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
2
Insertion of option 82 is disabled
   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
GigabitEthernet0/1           yes         unlimited

But also this:

SW13#sh run
!
ip dhcp snooping vlan 2,400-403
no ip dhcp snooping information option
ip dhcp snooping
ip domain-name mydomain.local
ip name-server 192.168.10.10
!
!

It works only for one VLAN, VLAN 2

SW13#sh ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
04:46:61:90:55:3D   192.168.102.27   3536        dhcp-snooping  2     FastEthernet0/1

Any help?

How to make it work for other VLANs?

Is it a problem related to the IOS version, or something else?

Thank you.

Accepted Solutions

Hello Jovan,

It looks like we are hitting a software defect

CSCse03859 Bug Details

2960 : DHCP snooping does not work for vlan id greater than 255

Symptom:

On a 2960 series switch, dhcp snooping is not effective on vlans whose number
is greater than 255.

Conditions:

The switch is in VTP server mode when the VLANs above 255 are created.

Workaround:

Create the VLANs in VTP transparent mode before enabling them for DHCP Snooping.

Regards

Partha

5 Replies

Rolf Fischer
Level 9

Hi,

have you yet verified that VLANs 400-403 exist and are in active state (show vlan brief)?

Regards

Rolf

Yes, they are all in active state. That switch is a VTP client. I have other switches; some of them with another IOS version work fine, but switches with this version of IOS have this problem.

I've tried to reload, but without success.

Sincerely,

J

Jovan,

Try to reconfigure DHCP snooping after changing the VTP mode to transparent. I believe currently the VTP mode is client.

Regards

Partha

Partha,

Thank you for your help.

Yes, VTP mode is client. I didn't change the mode to transparent because I need that switch in VTP client mode. I put a new IOS version on it.

Just an IOS upgrade.

Now it's working.

Thanks, again.

Regards,

Jovan.
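
The symptom in this thread is a protection that is configured but not enforced: the running-config lists "ip dhcp snooping vlan 2,400-403" while "show ip dhcp snooping" reports only VLAN 2. As an added example (not part of any post in the thread), the Python script below compares the two outputs and lists the VLANs that are configured but not operational; the sample strings are constructed from the outputs quoted above and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the two outputs quoted in the thread.
RUNNING_CONFIG = "!\nip dhcp snooping vlan 2,400-403\nip dhcp snooping\n!\n"
SHOW_SNOOPING = """Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
2
Insertion of option 82 is disabled
"""
HEADER = "dhcp snooping is configured on following vlans"

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '2,400-403' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def configured_vlans(running_config):
    """VLANs requested by 'ip dhcp snooping vlan <list>' lines."""
    vlans = set()
    for m in re.finditer(r"^ip dhcp snooping vlan (\S+)\s*$", running_config, re.M):
        vlans |= expand_vlans(m.group(1))
    return vlans

def operational_vlans(show_output):
    """VLANs the switch lists under the 'configured on following VLANs' header."""
    lines = [ln.strip() for ln in show_output.splitlines() if ln.strip()]
    vlans = set()
    for i, line in enumerate(lines):
        if line.lower().startswith(HEADER):
            for nxt in lines[i + 1:]:
                if not re.fullmatch(r"none|[\d,\- ]+", nxt, re.I):
                    break  # first non-list line ends the VLAN section
                vlans |= expand_vlans(nxt)
    return vlans

def unenforced_vlans(running_config, show_output):
    """VLANs the config asks to protect but the switch does not report."""
    wanted = configured_vlans(running_config)
    if "Switch DHCP snooping is enabled" not in show_output:
        return sorted(wanted)  # globally off: nothing is protected
    return sorted(wanted - operational_vlans(show_output))

print("Configured but not enforced:", unenforced_vlans(RUNNING_CONFIG, SHOW_SNOOPING))
```

Run against saved output from each switch, a non-empty result marks VLANs where untrusted ports are not being filtered even though the configuration says they should be.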
