08-28-2008 06:42 AM - edited 03-06-2019 01:03 AM
We are in the process of implementing DHCP snooping in our network (multiple buildings) at all the locations. Users at all the locations are getting IP addresses from DHCP except one.
We have one location which has 50 users, and all the user nodes take their DHCP IP addresses from a different building over the WAN (with the help of IP helper-address), but after the DHCP snooping implementation users are facing difficulty with this, even though all the trunk interface ports are trusted for DHCP snooping. Please find the connectivity scenario for locations A & B:
A-DHCP User --> A-user access switch --> A-Core switch --> WAN ATM network --> B-Core Switch --> B-Server access Switch --> B-DHCP server (192.168.90.11)
Please help with this and have a look at some technical details:
# A- user VLAN: Vlan ID 31
# B- Server VLAN: Vlan ID 40
# All the switches are in transparent mode.
# All the switches between A & B have the DHCP config and the trunk interfaces are trusted.
08-28-2008 06:47 AM
Hi,
Try disabling snooping on the access switch globally and re-enabling it.
08-29-2008 12:27 PM
Try debugging DHCP snooping in that location. The debugs are usually very detailed.
Also are you running DHCP snooping on the access layer?
Also do some sniffer captures on your DHCP server to see if they ever see the discover packet. It should help narrow down the search of where to look.
08-29-2008 01:34 PM
What DHCP Servers are they? If they are Windows 2000/2003 then you will need to disable Option 82 insertion as this is not recognised by Windows 2000/2003 and they discard the DHCP packets:
no ip dhcp snooping information option
Other than that the configuration is pretty simple - enable DHCP snooping globally and then for each access VLAN where your DHCP clients are. Enable DHCP snooping trust on layer-2 access switch uplinks (not needed on layer-3 routed uplinks) and enable trust on the port your DHCP server is connected to.
HTH
Andy
Please rate useful posts
08-31-2008 07:59 AM
Hi Andrew,
Thanks for the reply.
We are running with Windows 2000 DHCP server. I am again describing the issue below.
Issue: We have 5 locations, say A, B, C, D, E. Out of the five, four locations have their DHCP servers within the location. There is no WAN coming into the picture. DHCP snooping is working fine for all those locations.
Now the issue arises when we implement DHCP snooping at a location, say E, whose DHCP server is at location A (connected via Nortel Passport to location E), but at this point in time location A does not have DHCP snooping configured. In this case, all the hosts at location E are getting IP addresses from the DHCP server at location A.
When we configured DHCP snooping at location A (location A being critical, so configured last), location E hosts were not able to get an IP address from the DHCP server. So we have configured a local DHCP pool on the Core switch as a workaround for the issue. Thus there is no issue which relates to the helper address as per your previous mail.
Also, we have configured all the trunk ports and the port connected to the DHCP server with the command IP DHCP SNOOPING TRUST, with no ip dhcp snooping information option.
Connectivity is as below:
Location E (User Access)-->Location E(Core)----> Nortel Passport---->Location A (Core)--> Location A(Server Switch)
08-31-2008 10:21 AM
Have you configured trusting on the access ports connected to the Nortel Passports (I assume these are routers?).
Andy
09-01-2008 06:37 PM
Yes Andrew, we have configured the switch ports connected to the Passports as trusted.
08-29-2008 02:37 PM
Hi Bhupesh,
Here is the doc which will help you
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf
please let us know if you need more assistance
HTH
Shaheen
09-01-2008 07:11 PM
Make sure DHCP snooping is enabled globally on all switches.
Then every uplink from the access switches to the core is configured as a trusted port.
And if the link between the core switches is L3, no problem if you don't configure it as trusted.
You have to do the same on site B.
Additionally, and the MOST IMPORTANT, make sure the DHCP server port is set as a trusted port.
Also, if you have a large number of users, try to change the limit option on the trusted and untrusted ports.
good luck
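An added example, not part of any post in this thread: a small Python check that audits a saved running-config against the checklist given in the replies above (global enable, per-VLAN enable, Option 82 insertion, trust on layer-2 trunks and on the DHCP server port). The sample configuration, the interface names, and the helper names `audit`, `check_port` and `parse_vlans` are constructed for illustration.

```python
import re
# Constructed running-config (interface names are assumptions); VLAN 31 is the thread's user VLAN.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 31
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport access vlan 31
 ip dhcp snooping trust
"""

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '31,40-42' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_port(name, body, trusted_access_ports):
    """Thread's rule: trust layer-2 trunks and the listed server/router ports only."""
    trusted = "ip dhcp snooping trust" in body
    want = "switchport mode trunk" in body or name in trusted_access_ports
    if "no switchport" in body or trusted == want:  # routed uplinks need no trust
        return []
    return [f"{name}: snooping trust should be {'on' if want else 'off'}"]

def audit(config, client_vlans, trusted_access_ports=(), server_accepts_option82=False):
    """Return findings for the DHCP snooping checks discussed in the thread."""
    top = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    findings = [] if "ip dhcp snooping" in top else ["snooping not enabled globally"]
    specs = re.findall(r"^ip dhcp snooping vlan ([\d,-]+)$", config, re.M)
    enabled = set().union(*map(parse_vlans, specs))
    findings += [f"snooping not enabled on VLAN {v}" for v in sorted(set(client_vlans) - enabled)]
    # Insertion is on by default, so only the "no" form appears in a running-config.
    if not server_accepts_option82 and "no ip dhcp snooping information option" not in top:
        findings.append("Option 82 insertion is still enabled")
    name, body = None, []
    for line in config.splitlines() + ["!"]:
        if name and not line.startswith(" "):  # interface block ended
            findings += check_port(name, body, trusted_access_ports)
            name = None
        if line.startswith("interface "):
            name, body = line.split()[1], []
        elif name:
            body.append(line.strip())
    return findings
```

Run `audit(SAMPLE_CONFIG, [31])` on each switch in the path, passing the ports that face the DHCP server or a router in `trusted_access_ports`.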