09-04-2012 12:12 PM - edited 03-07-2019 08:41 AM
Hello,
We have a DHCP server implemented on a Cisco 2610 router.
This router is connected to a Cisco 2960 switch configured with DHCP Snooping.
The following log messages appear on the switch:
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPINFORM, MAC sa: 001e.13ba.2040
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPINFORM, MAC sa: 9c4e.2098.b9c0
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPREQUEST, MAC sa: 001e.13ba.2040
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPINFORM, MAC sa: 9c4e.2098.b9c0
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPREQUEST, MAC sa: 001e.13ba.2040
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPREQUEST, MAC sa: 001e.13ba.2040
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPINFORM, MAC sa: 001e.13ba.2040
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPREQUEST, MAC sa: 001e.13ba.2040
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
message type: DHCPINFORM, MAC sa: 001e.13ba.2040
DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port,
The MAC addresses shown in the log belong to the interface Vlan 1 of other access switches:
SW_SITELCHINCHON_3560PoE#sh int vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 001e.13ba.2040 (bia 001e.13ba.2040)
SW_AVAYA_CCCR#sh int vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 9c4e.2098.b9c0 (bia 9c4e.2098.b9c0)
All the int vlan 1 are configured as follows:
interface Vlan1
ip address 10.x.y.z 255.255.0.0
ip helper-address 10.100.200.1
The IP address 10.100.200.1 belongs to the DHCP server configured on the Cisco 2610 router.
Can somebody tell me what to do so that these log messages do not appear any more?
Do I need to make some configuration changes on some switch or router?
Thanks
09-04-2012 12:18 PM
Hi Roger,
Can you please post a diagram of your network topology? The message you are seeing basically says that a DHCP message relayed by a DHCP Relay Agent was received on an untrusted port of your DHCP Snooping-enabled switch. However, to correctly rectify this issue, we need to precisely know the topology of your network, the placement of the DHCP server and DHCP Relay Agents (the switches configured with the ip helper-address command) and we also need to know which switches are configured with DHCP Snooping.
Thank you!
Best regards,
Peter
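The check behind the log message described in the reply above, as an added example that is not part of the original posts: a Python model that reads `giaddr` and looks for option 82 in a DHCP payload, then decides what a snooping switch does with it on a trusted or untrusted port. It models only this one check; the function names and the sample address 192.0.2.10 are constructed for the illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
MSG_TYPES = {1: "DHCPDISCOVER", 3: "DHCPREQUEST", 8: "DHCPINFORM"}


def parse_options(payload):
    """Return {code: value} for the options that follow the BOOTP fixed header."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def snooping_verdict(payload, port_trusted):
    """Model of the logged check: relayed message arriving on an untrusted port."""
    opts = parse_options(payload)
    giaddr = ipaddress.IPv4Address(payload[24:28])  # relay agent address field
    msg = MSG_TYPES.get((opts.get(OPT_MSG_TYPE) or b"\x00")[0], "UNKNOWN")
    relayed = int(giaddr) != 0 or OPT_RELAY_INFO in opts
    action = "drop" if relayed and not port_trusted else "forward"
    return (action, msg, str(giaddr))


def build_payload(msg_type, giaddr="0.0.0.0", option82=None):
    """Constructed sample BOOTREQUEST; every value here is made up."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0)  # op..flags
    hdr += bytes(12) + ipaddress.IPv4Address(giaddr).packed  # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes(16 + 64 + 128) + MAGIC_COOKIE               # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if option82 is not None:
        opts += bytes([OPT_RELAY_INFO, len(option82)]) + option82
    return hdr + opts + bytes([OPT_END])
```

A message that a switch with `ip helper-address` has relayed carries that switch's address in `giaddr`, which is why the frames from the access switches' Vlan 1 interfaces match this check.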
09-04-2012 01:47 PM
09-04-2012 02:18 PM
Hello Roger,
Thank you for the topology. If I am reading it correctly, every device including the DHCP server is placed into VLAN 1. I am assuming that based on the fact that all devices including the DHCP server are located in the 10.100.0.0/16 network. Am I correct in this assumption?
If yes then please follow these steps:
Best regards,
Peter
09-06-2012 09:19 AM
Peter,
I am sorry for the delay, but I was evaluating the results after the changes were made.
All is OK: the switch where DHCP Snooping is configured does not show any error log messages, and we do not have IP conflict problems.
I have only one observation:
We have configured the DHCP server on a Cisco 2610 router and, due to the old IOS version, we could not configure:
ip dhcp relay information trust-all
The only command we could configure was: ip dhcp relay information option.
Do you have any observations about this command?
Best regards.
Roger
09-07-2012 04:28 AM
Hello Roger,
The ip dhcp relay information option is a different command (it actually controls the insertion of Option-82 into DHCP messages if they are relayed by this router) and I recommend not modifying or using it, as the default setting is fine for your needs.
If the ip dhcp relay information trust-all command is not available on the router then try to enter the configuration mode of the interface on the router that is connected to the switch, and try using the ip dhcp relay information trusted command on that router's interface.
Please keep me informed.
Best regards,
Peter
09-07-2012 08:36 AM
Peter,
These are the only options available on the Cisco 2610 router interface connected to the switch:
DHCP_SITEL(config)#ip dhcp relay information ?
check Validate relay information in BOOTREPLY
option Insert relay information in BOOTREQUEST
policy Define reforwarding policy
DHCP_SITEL(config)#
If the command you are indicating is very critical for the configuration, tell me if we need to change the router (the current 2610 router is very old and is EOL/EOS).
Awaiting your prompt answer.
Attn.
Roger
09-07-2012 12:50 PM
Hello Roger,
The command is not critical. If your DHCP service appears to work correctly, i.e. the devices are able to obtain their IP settings from DHCP, you do not need to worry about that command.
What IOS version are you running on the 2610, by the way?
Best regards,
Peter
09-07-2012 12:54 PM
Peter,
This is the IOS of router 2610:
DHCP_SITEL#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(5)T15, RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 17-Jul-03 22:24 by kellmill
Image text-base: 0x80008088, data-base: 0x8101B904
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
DHCP_SITEL uptime is 1 week, 2 days, 18 hours, 39 minutes
System returned to ROM by reload at 15:45:40 UTC Sun Sep 16 2001
System restarted at 20:15:39 GMT Tue Aug 28 2012
System image file is "flash:c2600-is-mz.121-5.T15.bin"
cisco 2610 (MPC860) processor (revision 0x203) with 45056K/4096K bytes of memory.
Processor board ID JAD05060V4V (2453473232)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
1 ISDN Basic Rate interface(s)
2 Voice FXS interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Attn.
Roger
09-07-2012 12:59 PM
Hello Roger,
I see. Okay. Can you please tell me if the DHCP service is currently working satisfactorily in your network and no more DHCP Snooping messages are being produced on your switches?
Best regards,
Peter
09-07-2012 01:19 PM
Peter,
At the DHCP server and the switch (DHCP Snooping) all is OK.
No snooping-related error messages appear in the log.
There are no conflict error messages.
Thanks very much.
Roger
09-07-2012 02:21 PM
Hello Roger,
It was a pleasure. Thank you!
Best regards,
Peter