Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
566
Views
0
Helpful
0
Replies

IP DHCP snooping binding problem with Windows 7 client

rcsimpson
Level 1
Level 1

‎07-31-2014 06:15 AM - edited ‎03-07-2019 08:13 PM

We have a 3750x with an Etherchannel connection to a Debian server and a single diskless client. The server is supplying DHCP, iSCSI and other services to support the diskless Windows 7 client.  The fact that the client is diskless may be a red herring.

We have configured DHCP snooping and ARP inspection to prevent unwanted connections to the network. Everything appears to work correctly with the client booting OK and the DHCP snooping proving the required security.

Unfortunately, after a few minutes the DHCP binding table (which was originally correct) changes to show an IP address of 0.0.0.0  Shortly thereafter we get ARP inspection errors and no more packets are routed to the client which, without its iSCSI disk locks up and then re-boots.

DHCP snooping errors are shown below.

Can anyone suggest what we may be doing wrong?

Thanks,

 Richard Simpson

*Mar  6 20:57:58.439: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
INFORM, input interface: Gi1/0/22, MAC da: ffff.ffff.ffff, MAC sa: d067.e550.50d
e, IP da: 255.255.255.255, IP sa: 192.168.10.90, DHCP ciaddr: 192.168.10.90, DHC
P yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067
.e550.50de
*Mar  6 20:57:58.448: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFF
F.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
*Mar  6 20:57:58.448: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
ACK, input interface: Po5, MAC da: d067.e550.50de, MAC sa: c81f.66c7.ccdb, IP da
: 192.168.10.90, IP sa: 192.168.10.1, DHCP ciaddr: 192.168.10.90, DHCP yiaddr: 0
.0.0.0, DHCP siaddr: 192.168.10.1, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067.e550.
50de
*Mar  6 20:57:58.448: DHCP_SNOOPING: direct forward dhcp replyto output port: Gi
gabitEthernet1/0/22.
MainSwitch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ----------
----------
D0:67:E5:50:50:DE   0.0.0.0          86251       dhcp-snooping   11    GigabitEt
hernet1/0/22
Total number of bindings: 1

 

*Mar  6 21:55:48.043: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
INFORM, input interface: Gi1/0/22, MAC da: ffff.ffff.ffff, MAC sa: d067.e550.50d
e, IP da: 255.255.255.255, IP sa: 192.168.10.90, DHCP ciaddr: 192.168.10.90, DHC
P yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067
.e550.50de
*Mar  6 21:55:48.052: DHCP_SNOOPING: add relay information option.
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of relay info option, length: 2
0 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 21:55:48.052: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFF
F.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of extracted circuit id, length
: 8 data:
0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of extracted remote id, length:
 10 data:
0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0xC3 0x0
*Mar  6 21:55:48.052: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
ACK, input interface: Po5, MAC da: d067.e550.50de, MAC sa: c81f.66c7.ccdb, IP da
: 192.168.10.90, IP sa: 192.168.10.1, DHCP ciaddr: 192.168.10.90, DHCP yiaddr: 0
.0.0.0, DHCP siaddr: 192.168.10.1, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067.e550.
50de
*Mar  6 21:55:48.052: DHCP_SNOOPING: remove relay information option.
*Mar  6 21:55:48.052: DHCP_SNOOPING: direct forward dhcp replyto output port: Gi
gabitEthernet1/0/22.
MainSwitch#
MainSwitch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ----------
----------
D0:67:E5:50:50:DE   0.0.0.0          84819       dhcp-snooping   11    GigabitEt
hernet1/0/22
Total number of bindings: 1

 

*Mar  6 22:15:06.904: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
INFORM, input interface: Gi1/0/22, MAC da: ffff.ffff.ffff, MAC sa: d067.e550.50d
e, IP da: 255.255.255.255, IP sa: 192.168.10.90, DHCP ciaddr: 192.168.10.90, DHC
P yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067
.e550.50de
*Mar  6 22:15:06.904: DHCP_SNOOPING: add relay information option.
*Mar  6 22:15:06.904: DHCP_SNOOPING: binary dump of relay info option, length: 2
0 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 22:15:06.904: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFF
F.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
*Mar  6 22:15:06.913: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 22:15:06.913: DHCP_SNOOPING: binary dump of extracted circuit id, length
: 8 data:
0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16
*Mar  6 22:15:06.913: DHCP_SNOOPING: binary dump of extracted remote id, length:
 10 data:
0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0xC3 0x0
*Mar  6 22:15:06.913: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
ACK, input interface: Po5, MAC da: d067.e550.50de, MAC sa: c81f.66c7.ccdb, IP da
: 192.168.10.90, IP sa: 192.168.10.1, DHCP ciaddr: 192.168.10.90, DHCP yiaddr: 0
.0.0.0, DHCP siaddr: 192.168.10.1, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067.e550.
50de
*Mar  6 22:15:06.913: DHCP_SNOOPING: remove relay information option.
*Mar  6 22:15:06.913: DHCP_SNOOPING: direct forward dhcp replyto output port: Gi
gabitEthernet1/0/22.show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ----------
----------
D0:67:E5:50:50:DE   0.0.0.0          86286       dhcp-snooping   11    GigabitEt
hernet1/0/22
Total number of bindings: 1

 

 


 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card