
DHCP snooping

Craig Balfour
Level 1

I've just noticed that DHCP snooping is not working on some VLANs on a bunch of Cisco 2960s I've just deployed. On other VLANs it is working.

The template that was used to configure the switches has the lines:

ip dhcp snooping vlan 1-4094

ip dhcp snooping

... which I would think should be sufficient to enable it on all of the VLANs on the switches.

However, according to show ip dhcp snooping:

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

1,4,26,30-35,56,72-73,254-255

Anybody have any ideas about why VLAN 311 for example (the one I care about on this particular switch) is being excluded from this list?

Any help or advice would be appreciated.


I have read this Cisco documentation on DHCP snooping and we use it quite extensively and successfully throughout our network so I think I am quite familiar with DHCP snooping.

Sorry, but I cannot find anything in this document that explains my problem, which is that though I have DHCP snooping enabled on all VLANs (VLAN 1 to 4094), according to "show dhcp snooping" it is actually only running on some of the VLANs on the switch and, unfortunately for me, it is not running on the VLAN I care about - namely the access VLAN (311) on that switch. Since this VLAN is the only active VLAN (apart from the management VLAN) in this switch, the DHCP snooping binding table is empty. Devices on this network are getting IP addresses from the DHCP server, though.

This is not an isolated case in that it affects all 18 2960s that were deployed.

One difference between this deployment and previous (successful) deployments of DHCP snooping in our environment is that this is the first site where we have grouped the switches into a VTP domain and created the VLANs from the VTP server. Previously, VLANs were configured manually on each switch. Relevant?

Craig,

Since you are having DHCP snooping issues specific to VLAN 311, I think you are running into a software caveat. Please refer to bug ID CSCse03859 for details. BTW, this bug is specific to the switch being in VTP server mode.

CSCse03859 (Catalyst 2960 switches)

If the switch is in VTP server mode and VLANs with IDs greater than 255 (256 and above) are created, DHCP snooping does not work properly on these VLANs.

The workaround is to put the switch in VTP transparent mode before creating the VLANs.

There is no workaround.

http://www.cisco.com/en/US/products/hw/switches/ps5023/prod_release_note09186a0080688f86.html

I hope it helps.

Regards,

Arul

Hi Arul,

Thanks for the useful reply.

Apart from the fact that our switches are in VTP client mode rather than VTP server mode as described in CSCse03859, the bug seems to accurately describe what we are experiencing.

We are currently running IOS 12.2(25) SEE2 - the IOS that shipped on the device.

According to http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCse03859

the bug has been resolved but no "First Fixed-in Version" is listed. I assume that this means this fix will only be available in a future still to be released version of IOS?

Craig,

Your understanding is correct.

The bug is to be fixed in the next release which is tentatively scheduled for sometime in mid December.

As soon as the newer version is posted on Cisco, I would highly recommend that you double-check the release notes to make sure the bug is fixed and then do the upgrade.

I hope it helps.

Regards,

Arul
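
A check for the symptom described in this thread, as an added example that is not part of the original posts: it parses the `show ip dhcp snooping` output quoted in the question and reports VLANs that should be covered but are absent from the switch's list. The function names and the `required_vlans` input are assumptions made for illustration.

```python
import re

# Output as quoted in the original question (access VLAN on that switch: 311).
SAMPLE_OUTPUT = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1,4,26,30-35,56,72-73,254-255
"""

HEADER = re.compile(r"DHCP snooping is configured on (?:the )?following VLANs:")


def expand_vlan_list(text):
    """Expand an IOS VLAN list such as '1,4,30-35' into a set of ints."""
    vlans = set()
    for part in filter(None, text.replace(" ", "").split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def snooping_vlans(show_output):
    """Return the VLANs the switch lists under the snooping header."""
    lines = [ln.strip() for ln in show_output.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if HEADER.search(line):
            # Defensive: accept a list that continues over several lines.
            chunks = []
            for nxt in lines[i + 1:]:
                if not re.fullmatch(r"[\d,\- ]+", nxt):
                    break
                chunks.append(nxt)
            return expand_vlan_list(",".join(chunks))
    return set()


def audit(show_output, required_vlans):
    """Report required VLANs that are missing from the switch's list."""
    active = snooping_vlans(show_output)
    missing = sorted(set(required_vlans) - active)
    return {
        "missing": missing,
        # IDs of 256 and above fall in the range named in the quoted caveat.
        "above_255": [v for v in missing if v > 255],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUT, required_vlans=[1, 311]))
```

Run against each switch's captured output, a non-empty `missing` list means the binding table for those VLANs cannot be relied on, whatever the configured range says.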
