dhcp snooping and wireless Virtual Machines

Ricardo Munioz Cabero · ‎05-04-2012

Hi to all,

I have the following problem:

A virtual machine (in VMware workstation).
Catalyst 3560X switch with dhcp snooping enabled.
- The dhcp snooping configuration displayed below:

ip dhcp snooping vlan 1-200

no ip dhcp snooping information option

no ip dhcp snooping verify mac-address

ip dhcp snooping

! Uplink ports to the DHCP server are trusted.

! The limit rates are above 16 packets per secon for evey access interface (with one host only) and above 100 for trunk interfaces.

The client (VM) doesn't get a DHCP address when using the wireless interface. It does work when using the Ethernet interface.

In wireshark there are only DHCP Discover packets with no offers or subsequent messages.

Using the debug comands I see that the switch is dropping the DHCP Offer packets because it doesn't have the Client's (VM) MAC address in its table.

Check wireshark again and the Discover packet efectively is going out with the Physical wireless adatper MAC address.

That's why i tried with the "no ip dhcp snooping verify-mac address" (which I think is disabled by default anyway but not sure). Even so, the DHCP offer packets are still being discarded. The debug output for the DHCP Offer is below:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

May 4 18:27:11.629: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/23 for pak. Was not set

May 4 18:27:11.629: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi1/0/23

May 4 18:27:11.629: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/23 for pak. Was not set

May 4 18:27:11.629: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet1/0/23)

May 4 18:27:11.629: DHCP_SNOOPING_SW: client address lookup failed to locate client interface, retry lookup u

sing packet mac DA: ffff.ffff.ffff

May 4 18:27:11.629: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat entry for mac: 000c.29

f8.e402

May 4 18:27:11.629: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi1/0/2

3, MAC da: ffff.ffff.ffff, MAC sa: 2c3f.382f.13f0, IP da: 255.255.255.255, IP sa: 192.168.130.1, DHCP ciaddr:

0.0.0.0, DHCP yiaddr: 192.168.130.40, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 000c.29f8.e402

May 4 18:27:11.629: DHCP_SNOOPING_SW: client address lookup failed to locate client interface, retry lookup u

sing packet mac DA: ffff.ffff.ffff

May 4 18:27:11.629: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat entry for mac: 000c.29

f8.e402

May 4 18:27:11.629: DHCP_SNOOPING: can't find output interface for dhcp reply. the message is dropped.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note: 000c.29f8.e402 is the VM's MAC address (which the switch never learns when using wireless).

For now, my only two options are disabling dhcp snooping or using static IP addresses for the virtual machines, none of them a goo option for me.

I hope somebody can help me with this.

Note 2: This is happening only for Virtual Machines bridging their virtual adapters to the physical wireless adapter. In that case, the frame goes out with the real machine's MAC address.

Thanks.