Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP DHCP snooping binding problem with Windows 7 client

We have a 3750x with an Etherchannel connection to a Debian server and a single diskless client. The server is supplying DHCP, iSCSI and other services to support the diskless Windows 7 client.  The fact that the client is diskless may be a red herring.

We have configured DHCP snooping and ARP inspection to prevent unwanted connections to the network. Everything appears to work correctly with the client booting OK and the DHCP snooping proving the required security.

Unfortunately, after a few minutes the DHCP binding table (which was originally correct) changes to show an IP address of 0.0.0.0  Shortly thereafter we get ARP inspection errors and no more packets are routed to the client which, without its iSCSI disk locks up and then re-boots.

DHCP snooping errors are shown below.

Can anyone suggest what we may be doing wrong?

Thanks,

 Richard Simpson

*Mar  6 20:57:58.439: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
INFORM, input interface: Gi1/0/22, MAC da: ffff.ffff.ffff, MAC sa: d067.e550.50d
e, IP da: 255.255.255.255, IP sa: 192.168.10.90, DHCP ciaddr: 192.168.10.90, DHC
P yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067
.e550.50de
*Mar  6 20:57:58.448: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFF
F.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
*Mar  6 20:57:58.448: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
ACK, input interface: Po5, MAC da: d067.e550.50de, MAC sa: c81f.66c7.ccdb, IP da
: 192.168.10.90, IP sa: 192.168.10.1, DHCP ciaddr: 192.168.10.90, DHCP yiaddr: 0
.0.0.0, DHCP siaddr: 192.168.10.1, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067.e550.
50de
*Mar  6 20:57:58.448: DHCP_SNOOPING: direct forward dhcp replyto output port: Gi
gabitEthernet1/0/22.
MainSwitch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ----------
----------
D0:67:E5:50:50:DE   0.0.0.0          86251       dhcp-snooping   11    GigabitEt
hernet1/0/22
Total number of bindings: 1

 

*Mar  6 21:55:48.043: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
INFORM, input interface: Gi1/0/22, MAC da: ffff.ffff.ffff, MAC sa: d067.e550.50d
e, IP da: 255.255.255.255, IP sa: 192.168.10.90, DHCP ciaddr: 192.168.10.90, DHC
P yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067
.e550.50de
*Mar  6 21:55:48.052: DHCP_SNOOPING: add relay information option.
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of relay info option, length: 2
0 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 21:55:48.052: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFF
F.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of extracted circuit id, length
: 8 data:
0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16
*Mar  6 21:55:48.052: DHCP_SNOOPING: binary dump of extracted remote id, length:
 10 data:
0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0xC3 0x0
*Mar  6 21:55:48.052: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
ACK, input interface: Po5, MAC da: d067.e550.50de, MAC sa: c81f.66c7.ccdb, IP da
: 192.168.10.90, IP sa: 192.168.10.1, DHCP ciaddr: 192.168.10.90, DHCP yiaddr: 0
.0.0.0, DHCP siaddr: 192.168.10.1, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067.e550.
50de
*Mar  6 21:55:48.052: DHCP_SNOOPING: remove relay information option.
*Mar  6 21:55:48.052: DHCP_SNOOPING: direct forward dhcp replyto output port: Gi
gabitEthernet1/0/22.
MainSwitch#
MainSwitch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ----------
----------
D0:67:E5:50:50:DE   0.0.0.0          84819       dhcp-snooping   11    GigabitEt
hernet1/0/22
Total number of bindings: 1

 

*Mar  6 22:15:06.904: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
INFORM, input interface: Gi1/0/22, MAC da: ffff.ffff.ffff, MAC sa: d067.e550.50d
e, IP da: 255.255.255.255, IP sa: 192.168.10.90, DHCP ciaddr: 192.168.10.90, DHC
P yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067
.e550.50de
*Mar  6 22:15:06.904: DHCP_SNOOPING: add relay information option.
*Mar  6 22:15:06.904: DHCP_SNOOPING: binary dump of relay info option, length: 2
0 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 22:15:06.904: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFF
F.FFFF.FFFF, packet is flooded to ingress VLAN: (11)
*Mar  6 22:15:06.913: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16 0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0x
C3 0x0
*Mar  6 22:15:06.913: DHCP_SNOOPING: binary dump of extracted circuit id, length
: 8 data:
0x1 0x6 0x0 0x4 0x0 0xB 0x1 0x16
*Mar  6 22:15:06.913: DHCP_SNOOPING: binary dump of extracted remote id, length:
 10 data:
0x2 0x8 0x0 0x6 0x10 0x5 0xCA 0xDE 0xC3 0x0
*Mar  6 22:15:06.913: DHCP_SNOOPING: process new DHCP packet, message type: DHCP
ACK, input interface: Po5, MAC da: d067.e550.50de, MAC sa: c81f.66c7.ccdb, IP da
: 192.168.10.90, IP sa: 192.168.10.1, DHCP ciaddr: 192.168.10.90, DHCP yiaddr: 0
.0.0.0, DHCP siaddr: 192.168.10.1, DHCP giaddr: 0.0.0.0, DHCP chaddr: d067.e550.
50de
*Mar  6 22:15:06.913: DHCP_SNOOPING: remove relay information option.
*Mar  6 22:15:06.913: DHCP_SNOOPING: direct forward dhcp replyto output port: Gi
gabitEthernet1/0/22.show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  ----------
----------
D0:67:E5:50:50:DE   0.0.0.0          86286       dhcp-snooping   11    GigabitEt
hernet1/0/22
Total number of bindings: 1

 

 


 

Everyone's tags (1)
277
Views
0
Helpful
0
Replies