Nov 4 09:33:29.390:%DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPINFORM, chaddr: 000e.9bac.xxxx, MAC sa: 001a.6bd4.xxxx
Cisco's explanation of this error is:
The DHCP snooping feature attempted MAC address validation and the check failed. There may be a malicious host trying to carry out a denial of service attack on the DHCP server. The packet will be dropped.
I have noticed that this message is appearing for several ports on my switch where PCs are connected. I didn't see anything other than DHCP requests coming out from these hosts, but I'm not sure why the validation would fail. Can someone point me in the right direction on what should be done to fix this?
From what I understand of DHCP snooping, it compares the client (PC) hardware address on that port (chaddr) with the MAC address of the sender of the DHCP packet. In your case the client hardware address is 000e.9bac.xxxx but the DHCP packet has been sent with MAC source address 001a.6bd4.xxxx. Is there no hub connected to the ports? Do you recognize 001a.6bd4.xxxx?
Error Message DHCP_SNOOPING-5-DHCP_SNOOPING_FAKE_INTERFACE: [char] drop message with mismatched source interface the binding is not updated message type: [char] MAC sa: [mac-addr]
Explanation The DHCP snooping feature has detected a host trying to carry out a denial of service attack on another host in the network. The packet will be dropped.
Recommended Action This is an informational message only. No action is required.
Error Message DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: [char] drop message because the chaddr doesn't match source mac message type: [char] chaddr: [mac-addr] MAC sa: [mac-addr]
Explanation The DHCP snooping feature attempted MAC address validation and the check failed. There may be a malicious host trying to carry out a denial of service attack on the DHCP server. The packet will be dropped.
I'm glad you brought this up; I'm looking for the answer to this too. I have seen both the wired MAC address and the wireless MAC address when a DHCP request goes out via the wired MAC. Microsoft definitely needs to fix this, but there should be a way in Cisco IOS to ignore the wireless MAC as it does in CatOS or older IOS. I have these errors only in the newer IOS.
To add to the confusion, we just managed to hunt one of these machines down. Turns out it was a brand new iMac with both Airport and Ethernet enabled, so this doesn't appear to be just a Microsoft thing. Turning Airport off seemed to resolve the issue.
Macs seem to have a lot of issues in regards to network security if left in their default configuration with multiple interfaces. If anyone has advice on how to deal with the issues listed at this link, I'd welcome them!
A previous poster was correct in that this problem occurs when a given device such as a laptop has two network interfaces active and one tries to renew its DHCP address by using the other. An example would be a laptop with wired and wireless interfaces where the wireless interface sends its DHCP renewal through the wired IP address.
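The check discussed in this thread, as an added example that is not from any poster or from Cisco: it parses an untagged Ethernet/IPv4/UDP DHCP client frame and compares chaddr with the Ethernet source MAC. The MAC addresses and the names `check_frame` and `build_inform` are constructed for illustration, and the parser is an assumption about the comparison, not the switch's own code.

```python
import struct

DHCP_TYPES = {1: "DHCPDISCOVER", 3: "DHCPREQUEST", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def cisco_mac(raw):
    """Format raw MAC bytes in the dotted style used by the log message."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def check_frame(frame):
    """Return (match, message type, chaddr, MAC sa) for an untagged IPv4 DHCP client frame."""
    mac_sa = frame[6:12]                       # Ethernet source address
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("not an untagged IPv4/UDP frame")
    udp = 14 + (frame[14] & 0x0F) * 4          # skip the IP header (IHL is in 32-bit words)
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != 67:
        raise ValueError("not addressed to the DHCP server port")
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[236:240] != b"\x63\x82\x53\x63":
        raise ValueError("missing DHCP magic cookie")
    chaddr = bootp[28:28 + min(bootp[2], 16)]  # hlen bytes of the 16-byte chaddr field
    msg_type, i = None, 240
    while i + 1 < len(bootp) and bootp[i] != 255:  # walk options until End (255)
        if bootp[i] == 0:                      # Pad option has no length byte
            i += 1
            continue
        if bootp[i] == 53 and i + 2 < len(bootp):  # option 53 = DHCP message type
            msg_type = bootp[i + 2]
        i += 2 + bootp[i + 1]
    name = DHCP_TYPES.get(msg_type, "unknown")
    return chaddr == mac_sa, name, cisco_mac(chaddr), cisco_mac(mac_sa)

def build_inform(mac_sa, chaddr):
    """Build a constructed DHCPINFORM frame (checksums left at zero, not validated here)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                        b"\xc0\x00\x02\x0a", bytes(4), bytes(4), bytes(4), chaddr, b"", b"")
    bootp += b"\x63\x82\x53\x63" + bytes([53, 1, 8, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\xc0\x00\x02\x0a", b"\xff" * 4)
    return b"\xff" * 6 + mac_sa + b"\x08\x00" + ip + udp

WIRED = bytes.fromhex("0200000000aa")  # constructed, locally administered
WIFI = bytes.fromhex("0200000000bb")   # constructed, locally administered

if __name__ == "__main__":
    for chaddr in (WIRED, WIFI):       # both frames leave via the wired NIC
        print(check_frame(build_inform(WIRED, chaddr)))
```

The second frame models the dual-interface case from the thread: the wireless adapter's address in chaddr, sent with the wired adapter's source MAC, so the comparison fails.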