Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EtherChannel and ip dhcp snooping does not work together

Aggregation switch C3750G is connected to distribution switch C2950 via EtherChannel (two 1G ports). If I configure on any of two switches "ip dhcp snooping" feature, DHCP packets are blocked. Without EtherChannel works snooping well (the same ip dhcp snooping configuration). Any ideas, how to configure EtherChannel to work with snooping? Thanks, Tomas

15 REPLIES
Bronze

Re: EtherChannel and ip dhcp snooping does not work together

You can try disabing Option 82 & configure trust port in the port-channel interface or upgrade the IOS of 3750 to 12.2.25 SEE.

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Hallo, thanks for your concern. My IOS of 3750 is one of the latest:

C3750 Software (C3750-IPBASEK9-M), Version 12.2(25)SEE2

What I need is snooping working over EtherChannel in the same way as over single link. I suspect a bug or a workaround I don't know.

Tomas

New Member

Re: EtherChannel and ip dhcp snooping does not work together

This is verified as Bug CSCeg74243.

Workaround:

Disable etherchannel and use a single connection between the switches.

Hope this helps.

Regards,

Bill.

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Thanks Bill.

I am looking forward to CSCeg74243 solution.

Happy New Year,

Tomas

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Almost 4 years later.

Is this solved? Cause I had the same problem. Network with 3750G stacks, interconnected by EtherChannel links (3 x 1Gbps links). If you try to enable DHCP snooping, the L2 loop behaviour happens.

Not sure where should I look for the solution.

BR

Re: EtherChannel and ip dhcp snooping does not work together

Did you trust all the ports and the etherchannel? I am a little new to DHCP snooping but I would think you need to make sure on the the interfaces in the ehter channel and the etherchannel itself should have the following command configured.... ip dhcp snooping trust

Also all you uplinks should have that configured as well.

Mike

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Of course I did that.

I "trusted" all uplink ports. In this case uplink port are both 3 physical 1 Gig ports which are members of port-channel, and logical 3Gig port (portchannel). In the same time, uplink is a trunk. When I enabled the feature, I got the following messages


975927: Jul 30 14:54:14.267 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po3 and port Po1
975928: Jul 30 14:54:29.392 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po2 and port Po3
975930: Jul 30 14:54:44.542 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po2 and port Po3
975931: Jul 30 14:54:59.708 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po2 and port Po3
975933: Jul 30 14:55:14.850 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po3 and port Po2
975934: Jul 30 14:55:24.891 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po3 and port Po1
975935: Jul 30 14:55:26.150 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po1 and port Po3
975936: Jul 30 14:55:27.953 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po1 and port Po3
975937: Jul 30 14:55:30.034 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po1 and port Po3

The MAC address is my DHCP server sitting on its own switch. Since it is server aggregation switch it has no enabled DHCP snooping.

However, the network experienced a loop and felt down.

BR

Re: EtherChannel and ip dhcp snooping does not work together

Can you post the config and a diagram?

Mike

Highlighted
New Member

Re: EtherChannel and ip dhcp snooping does not work together

Burleyman, thanks for willingness to help!

I will try to do that later tonight or tomorrow. Configs are huge but the diagram is simple. Simple star topology with central switch stack in the center. All access switch-stacks are connected to the central one by 3Gig port-channel links. Servers are connected over 2960G switches, which are also connected to the central switch stack bye double 1Gig links (one forwarding, one blocked by rapid-pvst)

As I said, I will try to upload configs later.

BR

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Hi mizoran78.

The issue was solved for two members EtherChannel. I did not check the solution on a "thicker" channel. We are waiting for your configuration. If it will be correct, I would recommend to ask an expert or set the TAC case.

Regards, Tomas

Re: EtherChannel and ip dhcp snooping does not work together

What was it that you did to solve?

Mike

New Member

Re: EtherChannel and ip dhcp snooping does not work together

This was verified as Bug CSCeg74243.

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Hello,

I am sorry you waited for me a bit.

Here are sanitized configs of the central switch stack, 3 edge switch stacks and one server aggregation switche (where DHCP server resides).

As I have already said, the topology is simple star with sw-server-room in center. Details can be seen from descriptions on interfaces.

Now, because of described problem, DHCP snooping is globally disabled, but all other config statements regarding DHCP snooping are left there.

All inputs appreciated.

BR

mizoran

New Member

Re: EtherChannel and ip dhcp snooping does not work together

I have just seen that I forgot to tell which software I have on switches

SW-Server-room    12.2(50)SE3       C3750G

SW-1floor              12.1(19)EA1c     C3750G

SW-2floor              12.1(19)EA1       C3750G

SW-3floor              12.1(19)EA1       C3750G

SW-Servers-2        12.2(44)SE6       C2960G

Thanks for input!

mizoran

New Member

Re: EtherChannel and ip dhcp snooping does not work together

Hi Mizoran.

I am not sure if you configuration is supported as to EtherChannel. It is a combination of Interstack Ether Channel with stacks on both sides. I have an experience with the configuration on the left side in the attached chart. It works with the DHCP snooping enabled since the Bug CSCeg74243 was solved. Your simplified topology is on the right side (for the 1st floor only, but all floors are analogical).  I am sorry, you described it well in your text but I saw it through from the configurations only. I would recommend ask the expert or if you have time to experiment try restrict Interstack to core site only. Configure the whole channel on the distribution site in one member only.

Regards, Tomas

3596
Views
0
Helpful
15
Replies
CreatePlease login to create content