dhcp client - ( SW1 port 1 ) - SW1 - ( SW1 port 2 ) - SW2 - dhcp server
SW1 is a Catalyst 2960S switch (WS-C2960S-48TD-L) with the universal image (c2960s-universalk9-mz.122-55.SE7).
We tried to enable the DHCP snooping feature. If SW1 port 1 is configured as an untrusted port and SW1 port 2 is configured as a trusted port, the DHCP client can get an IP address from the DHCP server immediately. If both SW1 port 1 and port 2 are configured as untrusted ports, the DHCP client can still get the IP address after 1 minute. (It seems not correct!!)
This is interesting. Have you tried to completely deconfigure the DHCP client, i.e. perform ipconfig /release if it is running under Windows, and only then tried to acquire the IP address? There is a slight possibility that the client uses unicast IP communication with the DHCP server after it knows who the DHCP server is, somehow bypassing DHCP Snooping protection (although very improbable!)
Anyway, please configure the Gi1/0/1 and Gi1/0/2 ports with switchport mode access - currently, they are in dynamic mode.
I tried running ipconfig /release; after that, the DHCP client cannot get an IP address if both the DHCP server and the client are connected to untrusted ports. Why doesn't it work when I disconnect / reconnect the DHCP client LAN cable?
There is a slight possibility that the client uses unicast IP communication with the DHCP server after it knows who the DHCP server is, somehow bypassing DHCP Snooping protection (although very improbable!)
Can you explain further? The DHCP snooping process was blocking server-side messages on untrusted ports, so how could the client's type of communication (broadcast or unicast) influence this?
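The trust assignment discussed in this thread, written out as an SW1 configuration. This is an added example, not posted by any participant; VLAN 10 is an assumed access VLAN, and the port roles follow the topology at the top of the thread.

```cisco
! Added example. VLAN 10 is an assumption, not taken from the thread.
! Enable DHCP snooping globally and on the client VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! SW1 port 1, facing the DHCP client: untrusted (the default).
! Access mode is set explicitly, as advised in the thread, instead of
! leaving the port in dynamic mode.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 no ip dhcp snooping trust
!
! SW1 port 2, toward SW2 and the DHCP server: trusted, so server
! replies (DHCPOFFER, DHCPACK, DHCPNAK) arriving here are forwarded.
! If this port is left untrusted, those replies are dropped.
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
!
! Verify from privileged EXEC:
!   show ip dhcp snooping            (enabled VLANs and per-port trust state)
!   show ip dhcp snooping binding    (leases the switch has learned)
```

When testing the both-untrusted case, release the client's lease first and then check that no new entry appears in the binding table, so an address the client already held is not mistaken for a fresh one.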