Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Catalyst 2960 - ip DHCP snooping VLAN

Hello to everyone,

I have some issue with DHCP snooping on Catalyst 2960.

I added some vlans:

ip dhcp snooping vlan 2,400,401,402,403

But it dosen't work.

All details:

Version

Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)

Configuration before:

SW13#sh ip dhcp snooping

Switch DHCP snooping is disabled

DHCP snooping is configured on following VLANs:

none

Insertion of option 82 is enabled

   circuit-id format: vlan-mod-port

    remote-id format: MAC

Option 82 on untrusted port is not allowed

Verification of hwaddr field is enabled

Interface                    Trusted     Rate limit (pps)

------------------------     -------     ----------------

SW13#sh ip dhcp binding

IP address       Client-ID/              Lease expiration        Type

                 Hardware address

#List of VLANs

SW13#sh vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/17, Gi0/2

2    GUEST                            active

8    W-Int                            active

24   CONSOLES                         active

64   Inside                           active

100  WAN                              active

128  Mgm                              active

224  DMZ                              active

230  VoIP                             active    Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16

                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24

.

.

.

400  FLOOR-0                          active    Fa0/6, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/13, Fa0/15, Fa0/16, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23

                                                Fa0/24

401  FLOOR-1                          active

402  FLOOR-2                          active

403  FLOOR-3                          active    Fa0/14

.

.

.

Then I've made DHCP snooping config:

Enter configuration commands, one per line.  End with CNTL/Z.

SW13(config)#ip dhcp snooping

SW13(config)#ip dhcp snooping vlan 2,400,401,402,403

SW13(config)#no ip dhcp snooping information option

SW13(config)#int gi 0/1

SW13(config-if)#ip dhcp snooping trust

# Gi0/1 is trunk

After config I've gotten this

SW13#sh ip dhcp snooping

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

2

Insertion of option 82 is disabled

   circuit-id format: vlan-mod-port

    remote-id format: MAC

Option 82 on untrusted port is not allowed

Verification of hwaddr field is enabled

Interface                    Trusted     Rate limit (pps)

------------------------     -------     ----------------

GigabitEthernet0/1           yes         unlimited

But also this:

SW13#sh run

!

ip dhcp snooping vlan 2,400-403

no ip dhcp snooping information option

ip dhcp snooping

ip domain-name mydomain.local

ip name-server 192.168.10.10

!

!

  It works only for one VLAN, VLAN 2

  SW13#sh ip dhcp snooping binding

MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface

------------------  ---------------  ----------  -------------  ----  --------------------

04:46:61:90:55:3D   192.168.102.27   3536        dhcp-snooping  2     FastEthernet0/1

Any help?

How to make it works for other vlans?

Is it problem related to IOS version, or something other?

Thank you.

5 REPLIES

Catalyst 2960 - ip DHCP snooping VLAN

Hi,

have you yet verified that VLANs 400-403 exist and are in active state (show vlan brief)?

Regards

Rolf

New Member

Catalyst 2960 - ip DHCP snooping VLAN

Yes, they are all in active state, that switch is a VTP client, I have another switches, some of them with another IOS version work fine, but switches with this version of IOS have this problem.

I've tried to reload, but without success.

Sincerely,

J

Cisco Employee

Catalyst 2960 - ip DHCP snooping VLAN

Hello Jovan,

It looks like we are hitting software defect

CSCse03859 Bug Details

2960 : DHCP snooping does not work for vlan id greater than 255

Symptom:

On a 2960 series switch, dhcp snooping is not effective on vlans whose number
is greater than 255.

Conditions:

The switch is in VTP server mode when the VLANs above 255 are created.

Workaround:

Create the VLANs in VTP transparent mode before enabling them for DHCP Snooping.

Regards

Partha

Cisco Employee

Catalyst 2960 - ip DHCP snooping VLAN

Jovan,

Try to reconfigure dhcp snooping after changing the VTP mode to transparent. I believe currenlty the VTP mode is client,

Regards

Partha

New Member

Catalyst 2960 - ip DHCP snooping VLAN

Partha,

Thank you for your help.

Yes VTP mode is client, I didn't change mode to transparent because I need that switch in VTP client mode. I put new IOS version.

Just an IOS upgrade.

Now it's working.

Thanks, again.

Regards,

Jovan.

652
Views
5
Helpful
5
Replies