Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

DHCP snooping binding

Dear all,

I run DHCP snooping & DAI.

typically all leases from external server are noted and added to binding table. however recently I have noticed that after lease was increased, some entries just assigned were no longer present within the lease period.

for example if my lease is 48hrs, entries were not present after 8hrs...no NAK or release messages were logged. as a result DAI did what is suppose to do.

Platform is 4510 , 12.2(31) SGA8 release notes were parsed for BUGs, none found.

any thoughts ?

TIA

Sam

3 REPLIES
Cisco Employee

Re: DHCP snooping binding

Hi Sam,

An interesting issue. Personally, I would start by looking carefully at the show ip dhcp binding output and having a look whether the recorded leases have the proper lease time indicated. If not then it would be worth trying to sniff the DHCPACK messages to see what timeouts they contain and in what relationship they are in comparison with the DHCP snooping database.

An entry in the DHCP snooping database will be removed if the associated port goes down. Also, while I am not completely sure about it I suspect that other connectivity changes could also account for flushing an entry - 802.1X authentication failure, STP role/state change on a port or similar. That would be my second guess - to check whether there are events similar to these that could potentially cause the DHCP snooping entries to be flushed. Note that Windows in particular tend to ignore short connectivity issues and they often do not renew their DHCP lease after an intermittent connectivity problem.

If debugging is possible for you, I would also have a look for the output of the debug ip dhcp snooping event command (and the related debugs) to see if any reason for flushing an entry from the snooping database is indicated.

Best regards,

Peter

Re: DHCP snooping binding

Thanks Peter !

I quickly tested if snooping database is cleared if a port goes down, and I am afraid it does not. logged lease just keeps decreasing as normal (bearing in mind I am using PVLANs).

I will definitely debug and use a sniffer.

Sam

Cisco Employee

Re: DHCP snooping binding

Hello Sam,

Hmm... I'm home right now but I will be in a lab tomorrow so I will also give it a try.

Best regards,

Peter

167
Views
0
Helpful
3
Replies
CreatePlease to create content