Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to get IP from Router using dhcp snooping

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: Unable to get IP from Router using dhcp snooping

mahesh18 wrote:

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

Mahesh

Did you configure the port that the router connects to as a trusted port ?

Jon

Hall of Fame Super Blue

Re: Unable to get IP from Router using dhcp snooping

mahesh18 wrote:

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Mahesh

See this doc for details -

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259

You need to configure the router port as trusted ie. "ip dhcp snooping trust" and the other ports with clients as untrusted ie. "no ip dhcp snooping trust"

Jon

6 REPLIES
Hall of Fame Super Blue

Re: Unable to get IP from Router using dhcp snooping

mahesh18 wrote:

Hi all,

I have 2650 Router acting as dhcp server  and i have 2950 switch.

Config on router lan int

interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto

what i did today is config dhcp snooping on 2950t switch

ip dhcp snooping vlan 1

when i did on the switch and i restarted the pc it was unable to get the ip from router dhcp.

when i assign the static ip to pc it worked fine.

when i removed no ip dhcp snooping vlan 1 from switch config then my pc was able to get the ip address.

650#    sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.1.2         0100.1641.e4ae.bc       Jan 15 2010 11:12 AM    Automatic
192.168.1.3         0100.1e33.92d5.7a       Jan 15 2010 11:19 AM    Automatic.

any body knows why  enabling dhcp snooping caused this issue on my network that my pc was unable to get ip from dhcp server dynamicaly?

thanks

mahesh

Mahesh

Did you configure the port that the router connects to as a trusted port ?

Jon

New Member

Re: Unable to get IP from Router using dhcp snooping

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Hall of Fame Super Blue

Re: Unable to get IP from Router using dhcp snooping

mahesh18 wrote:

Hi Jon,

i did not config the Router lan int fa1/0 as trusted port.

thanks

mahesh

Mahesh

See this doc for details -

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea5/configuration/guide/swdhcp82.html#wp1058259

You need to configure the router port as trusted ie. "ip dhcp snooping trust" and the other ports with clients as untrusted ie. "no ip dhcp snooping trust"

Jon

New Member

Re: Unable to get IP from Router using dhcp snooping

Hi john

now i did config under switch

ip dhcp snooping vlan 1
ip dhcp snooping information option allow-untrusted

and after this i did release and renew ip from laptop.

then my pc was able to get ip from dhcp server which is router.

also under my router there is no option for

ip dhcp snooping ?

thanks

mahesh

New Member

Re: Unable to get IP from Router using dhcp snooping

Hi john

when i do

2950T#            sh ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------

it does not show any port under it?

do you know why is it like this

thanks

mahesh

New Member

Re: Unable to get IP from Router using dhcp snooping

hi john

thanks again

i did this now

under switch config

ip dhcp snooping vlan 1

and port that connects this switch to router

interface GigabitEthernet0/2
description Wan connection to Router
ip dhcp snooping trust

after this config i did ip release and renew and my pc was able to get the ip from dhcp server.

i did not config router lan interface as trusted one? is this ok

many thanks

mahesh

583
Views
0
Helpful
6
Replies