Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
989
Views
0
Helpful
8
Replies

DHCP Snooping

bhupeshg
Level 1
Level 1

‎08-28-2008 06:42 AM - edited ‎03-06-2019 01:03 AM

We are in process to implement the DHCP snooping in to our network (multiple buildings)and

all the location, Users of all the locations are getting the ip address from DHCP except

one.

We have one location which has got 50 users and all the users nodes are taking the DHCP Ip

address from different building over WAN (with help of IP helper-address), but after DHCP

snooping implementation users are facing difficulty on this, even all the trunk interface

ports are trusted for DHCP snooping. Please find the connectivity scenario with location A

& B:-

|||||A-DHCP User-->A-user access switch-->A-Core switch-->WAN ATM

network-->B-Core Switch-->B-Server access Switch-->B-DHCP server

(192.168.90.11)||||||

Please help on this and have look in to some technical detail:

#A- user VLAN: Vlan ID 31

#B- Server VLAN: Vlan ID 40

# All the switches are in to transparent mode.

# all the switch between A & B is having DHCP config and trunk interface are trusted.

Labels:
0 Helpful
8 Replies 8

satish_zanjurne
Level 4
Level 4

‎08-28-2008 06:47 AM

Hi,

try disabling the snooping on the access switch globally & re-enable it..

0 Helpful

Chad Peterson
Cisco Employee
Cisco Employee

‎08-29-2008 12:27 PM

Try debugging DHCP snooping in that location. The debugs are usually very detailed.

Also are you running DHCP snooping on the access layer?

Also do some sniffer captures on your DHCP server to see if they ever see the discover packet. It should help narrow down the search of where to look.

0 Helpful

andrew.butterworth
Level 7
Level 7

‎08-29-2008 01:34 PM

What DHCP Servers are they? If they are Windows 2000/2003 then you will need to disable Option 82 insertion as this is not recognised by Windows 2000/2003 and they discard the DHCP packets:

no ip dhcp snooping information option

Other than that the configuration is pretty simple - enable DHCP snooping globally and then for each access VLAN where your DHCP clients are. Enable DHCP snooping trust on layer-2 access switch uplinks (not needed on layer-3 routed uplinks) and enable trust on the post your DHCP server is connected to.

HTH

Andy

Please rate useful posts

0 Helpful

bhupeshg
Level 1
Level 1
In response to andrew.butterworth

‎08-31-2008 07:59 AM

Hi Andrew,

Thanks for the reply.

We are running with Windows 2000 DHCP server. I am again describing the issue below.

Issue: We have 5 locations say A, B, C, D, E. Out of five, four locations are having there DHCP servers with in the location. There is no WAN coming into picture. DHCP snooping is working fine for all those locations.

Now the issue arises when we have implemented DHCP snooping into a location say E which has DHCP server present at location A(Connected via Nortel Passport to location E) but at this point of time, location A is not having DHCP snooping configured. In this case, all the hosts present at location E are getting the IP address from DHCP server present at location A.

When we have configured DHCP snooping at location A(location A being critical, so configured in last), location E hosts are not able to get the IP address from DHCP server. So we have configured local DHCP pool into Core switch to provide a workaround to the issue. Thus there is no issue which relates to helper address as per your previous mail.

Also we have configured all the trunk ports and port connected to DHCP server with command IP DHCP SNOOPING TRUST, with no ip dhcp snooping information option.

Connectivity is as below:

Location E (User Access)-->Location E(Core)----> Nortel Passport---->Location A (Core)--> Location A(Server Switch)

0 Helpful

andrew.butterworth
Level 7
Level 7
In response to bhupeshg

‎08-31-2008 10:21 AM

Have you configured trusting on the access ports connected to the Nortel Passports (I assume these are routers?).

Andy

0 Helpful

bhupeshg
Level 1
Level 1
In response to andrew.butterworth

‎09-01-2008 06:37 PM

Yes andrew, we do configured the switch ports as trusted connected to passports.

0 Helpful

MUHAMMAD SHAHEEN
Level 4
Level 4

‎08-29-2008 02:37 PM

Hi Bhupesh,

Here is the doc which will help you

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf

please let us know if you need more assistance

HTH

Shaheen

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni

‎09-01-2008 07:11 PM

make sure dhcp snooping enabed globaly on all switches

then evry uplink link from access-switches to core is configured as trusted ports

and if the link between the core switches is L3 no problem if u dont configur it as trusted

the same idea u have to do it on site B

additionaly and the MOST IMPORTANtT make sure the dhcp server port is set to trusted port

als if u have large amount of useres try to chnge the limit option on the trusted and untrausted ports

good luck

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card