11-11-2013 07:07 AM - edited 03-07-2019 04:32 PM
Hi All
I have an issue within my Test network. I am having issues with Games consoles playing and then having network drop outs where there is no internet connectivity for 5 mins all longer. Then the connectivity reumes itself after a while. I have a 300mb pipe which seems a suitable amount of bandwidth.
I am diasy chaining a net gear switch in to a port that is a 1 GB port. I cant see no logs on the swiitch at the time of actionb and I have no port security.
However I do see logs regarding DHCP Snooping
%DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPREQUEST, chaddr: f8d0.ac9c.7cef, MAC sa: f8d0.ac9c.7cee
I am constantly plugging in and moving devices.
Could this be the DHCP ?
Removing DHCP snooping ? apart from reducing security. Could this impair the environment ?
I would like to remove it temporarily ?
Thanks in advance
11-11-2013 07:51 AM
The CHADDR field in the DHCP request packet does not match the source MAC of the frame. The MACs are however very similar. Do you have multiple NICs?
See this thread that Petr answered as well:
https://supportforums.cisco.com/thread/344460
Daniel Dib
CCIE #37149
11-11-2013 08:16 AM
The issue I have got is testers with multiple devices connected to the netgear which is the plugged into a cisco 4510 switch which has snopping enabled. Im thinking even if I remove the VLAN that these test devices are using from the snooping config. I am not leaving the whole network exposed.
So the multiple NICs in the netgear could be causing an issue with the snooping ?
11-11-2013 08:27 AM
Hi, James
This command will stop all the comparation the switch doing withween the CHADDR AND THE MACHINE MAC ADDRESS
"no ip dhco snooping verify mac-address"
this will stop all the loggs you have.
Regards
11-11-2013 08:41 AM
Hi Sandeep
Thanks for the reply
Will this command actually disable the feature. This is what I want to happen
Not just disabling the logs
11-11-2013 08:57 AM
Hi James,
“When a switch receives a packet on an untrusted interface and the interface belongs to a VLAN in which DHCP snooping is enabled, the switch compares the source MAC address and the DHCP client hardware address. If the addresses match (the default), the switch forwards the packet. If the addresses do not match, the switch drops the packet.”
The no option disables MAC address verification.
Regards
11-11-2013 09:06 AM
Hi James,
I guess we need to disable "ip dhcp snooping information option"
Thanks & Regards,
Karthick Murugan
CCIE#39285
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: