
Question regarding DHCP snooping

James Simpson
Level 1

Hi All

I have an issue within my test network. I am having issues with games consoles playing and then having network dropouts where there is no internet connectivity for 5 mins or longer. Then the connectivity resumes itself after a while. I have a 300mb pipe which seems a suitable amount of bandwidth.

I am daisy chaining a Netgear switch into a port that is a 1 GB port. I can't see any logs on the switch at the time of action and I have no port security.

However I do see logs regarding DHCP Snooping

%DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPREQUEST, chaddr: f8d0.ac9c.7cef, MAC sa: f8d0.ac9c.7cee

I am constantly plugging in and moving devices.

Could this be the DHCP ?

Removing DHCP snooping  ? apart from reducing security. Could this impair the environment ?

I would like to remove it temporarily ?

Thanks in advance

6 Replies

daniel.dib
Level 7

The CHADDR field in the DHCP request packet does not match the source MAC of the frame. The MACs are however very similar. Do you have multiple NICs?

See this thread that Petr answered as well:

https://supportforums.cisco.com/thread/344460

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

The issue I have got is testers with multiple devices connected to the Netgear, which is then plugged into a Cisco 4510 switch which has snooping enabled. I'm thinking even if I remove the VLAN that these test devices are using from the snooping config, I am not leaving the whole network exposed.

So the multiple NICs in the Netgear could be causing an issue with the snooping?

Hi, James

This command will stop all the comparison the switch is doing between the CHADDR and the machine MAC address:

"no ip dhcp snooping verify mac-address"

This will stop all the logs you have.

Regards

Hi Sandeep

Thanks for the reply

Will this command actually disable the feature? This is what I want to happen

Not just disabling the logs

Hi James,

“When a switch receives a packet on an untrusted interface and the interface belongs to a VLAN in which DHCP snooping is enabled, the switch compares the source MAC address and the DHCP client hardware address. If the addresses match (the default), the switch forwards the packet. If the addresses do not match, the switch drops the packet.”

The no option disables MAC address verification.

Regards
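Added example, not part of any reply in this thread: before turning the MAC verification check off, the drop messages can be triaged by how far apart the chaddr and the frame source MAC are, which separates the "very similar MACs, multiple NICs" case from pairs that have nothing in common. The `ADJACENT_MAX` threshold, the verdict labels, and every sample line except the first are assumptions or constructed for illustration.

```python
import re
from collections import Counter

# Fields of the DHCP_SNOOPING_MATCH_MAC_FAIL message quoted in the question.
LOG_RE = re.compile(
    r"DHCP_SNOOPING_MATCH_MAC_FAIL:.*?message type: (?P<mtype>\w+), "
    r"chaddr: (?P<chaddr>[0-9A-Fa-f.]+), MAC sa: (?P<sa>[0-9A-Fa-f.]+)"
)
ADJACENT_MAX = 8  # assumption: how far apart two MACs of one device may be

_PREFIX = ("%DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop "
           "message because the chaddr doesn't match source mac, message type: ")
SAMPLE = [
    _PREFIX + "DHCPREQUEST, chaddr: f8d0.ac9c.7cef, MAC sa: f8d0.ac9c.7cee",   # from the question
    _PREFIX + "DHCPREQUEST, chaddr: f8d0.ac9c.7cef, MAC sa: f8d0.ac9c.7cee",   # constructed repeat
    _PREFIX + "DHCPDISCOVER, chaddr: 0211.2233.4455, MAC sa: 02aa.bbcc.ddee",  # constructed
    "%LINK-3-UPDOWN: Interface GigabitEthernet2/1, changed state to up",       # constructed, ignored
]

def mac_to_int(mac):
    """Convert Cisco dotted notation (f8d0.ac9c.7cef) to a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def classify(chaddr, sa):
    """Label a chaddr / frame-source pair by how close the two addresses are."""
    c, s = mac_to_int(chaddr), mac_to_int(sa)
    if c == s:
        return "match"
    if (c >> 24) == (s >> 24) and abs(c - s) <= ADJACENT_MAX:
        return "adjacent"   # same OUI, neighbouring value: likely one device, several NICs
    return "unrelated"      # worth checking what is attached to that port

def triage(lines):
    """Count drops per (chaddr, source MAC, message type, verdict)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # some other syslog message
        try:
            verdict = classify(m["chaddr"], m["sa"])
        except ValueError:
            continue  # truncated or malformed address in the log line
        counts[(m["chaddr"], m["sa"], m["mtype"], verdict)] += 1
    return counts

if __name__ == "__main__":
    for key, n in triage(SAMPLE).most_common():
        print(n, *key)
```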

Hi James,

I guess we need to disable "ip dhcp snooping information option"

Thanks & Regards,
Karthick Murugan
CCIE#39285
