LAN was down ie Users are not getting ip from DHCP server after enabling DHCP snooping
Hi All ,
Enclosed file has network connectivity diagram.
1. L3 vlan's ie 2,3,4,5 and 6 are configured on ACC-CR1 and ACC-CR2.
2.Trunk is configured between Core switches ( CR1 and CR2) and access switches .VTP mode is transparent on all switches.L2 vlans are configured on all access switches.
3.DHCP is server is located at different location and is reachable over MPLS.
Without enabling dhcp snooping , users connected to access switches (Sw1,sw2,sw3 and Sw4 ) are getting ip address from DHCP server without any problem and everything is working fine.
But users connected to Sw3 and Sw4 are getting ip address from rouge DHCP server which is not pingable from any one of the switch.
So we have configured DHCP snooping for all vlan's on CR1 , CR2 , SW3 and SW4 and "trusted uplink ports" which are connected to WAN routers from CR1 and CR2 and also "trusted uplink ports " of Sw3 and Sw4 which are connected to CR1 and CR2.
As soon we have enabled DHCP snooping and trusted respective uplink ports , users are not getting ip address from remote DHCP server and even users connected to Sw1 and SW2 are facing same issue.
Note : DHCP snooping is not configured on SW1 and SW2.
Why users are not getting ip address from remote DHCP server as soon as we enabled dhcp snooping on Core switches and two access switches ie sw3 and sw4 ? what could have caused DHCP packets to be dropped ? Any idea would be appreciated .
CR1 is the root bridge and CR2 is secondary root and HSRP is configured between CR1 and CR2 and Vlans are active on CR1.
Yes Trunk link between CR1 and CR2 are trusted ..I have not seen any DHCP messages on neither of the core switch...Debug commands were not enabled because switches are in production and did not get chance to enable Debug commands pertaining to DHCP.
as you say: " HSRP is configured between CR1 and CR2 and Vlans are active on CR1" does it mean there are L3 intrefaces configured in each VLAN on your CR switches and ip hepler-address pointing to the remote DHCP server is configured on each of them?
I know it's difficult in a productive environment but IMHO you need to find out where are the DHCP offers dropped.
Either by enabling DHCP debugging or by capturing packets via Wireshark, e.g.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.