09-08-2006 11:41 PM - edited 03-03-2019 04:53 AM
I've just noticed that DHCP snooping is not working on some VLANs on a bunch of Cisco 2960s I've just deployed. On other VLANs it is working.
The template that was used to configure the switches has the lines:
ip dhcp snooping vlan 1-4094
ip dhcp snooping
... which I would think should be sufficient to enable it on all of the VLANs on the switches.
However, according to show ip dhcp snooping:
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1,4,26,30-35,56,72-73,254-255
Anybody have any ideas about why VLAN 311 for example (the one I care about on this particular switch) is being excluded from this list?
Any help or advice would be appreciated.
09-09-2006 05:31 AM
Hi,
Check this website for more information on DHCP snooping.
HTH
Thanks
Raj
09-09-2006 06:19 AM
I have read this Cisco documentation on DHCP snooping and we use it quite extensively and successfully throughout our network so I think I am quite familiar with DHCP snooping.
Sorry, but I cannot find anything in this document that explains my problem which is that though I have DHCP snooping enabled on all VLANs (vlan 1 to 4094), according to "show dhcp snooping" it is actually only running on some of the VLANs on the switch and, unfortunately for me, it is not running on the VLAN I care about - namely the access VLAN (311) on that switch. Since this VLAN is the only active VLAN (apart from the management VLAN) in this switch the DHCP snooping binding table is empty. Devices on this network are getting IP addresses from the DHCP server, though.
This is not an isolated case in that it affects all 18 2960s that were deployed.
One difference between this deployment and previous (successful) deployments of DHCP snooping in our environment is that this is the first site where we have grouped the switches into a VTP domain and created the VLANs from the VTP server. Previously, VLANs were configured manually on each switch. Relevant?
09-09-2006 11:49 AM
Craig,
Since you are having DHCP Snooping issues specific to VLAN 311, I think you are running into a software caveat. Please refer to bug ID CSCse03859 for details. BTW, this bug is specific to the switch being in VTP Server Mode.
CSCse03859 (Catalyst 2960 switches)
If the switch is in VTP server mode and VLANs with IDs greater than 255 (256 and above) are created, DHCP snooping does not work properly on these VLANs.
The workaround is to put the switch in VTP transparent mode before creating the VLANs.
There is no workaround.
http://www.cisco.com/en/US/products/hw/switches/ps5023/prod_release_note09186a0080688f86.html
I hope it helps.
Regards,
Arul
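A check for the symptom discussed in this thread, added here as an example (it is not code from any poster or from Cisco): it parses the "show ip dhcp snooping" output quoted in the first post and reports which expected VLANs are absent from the switch's list. The function names and the expected-VLAN list are assumptions; only VLAN 311 comes from the thread.

```python
import re

# The output quoted in the original post (the list ends at VLAN 255).
SAMPLE_OUTPUT = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1,4,26,30-35,56,72-73,254-255
"""

def expand_vlan_list(spec):
    """Expand an IOS-style VLAN list such as '1,4,30-35' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def snooping_vlans(show_output):
    """Return (globally_enabled, VLANs listed under the 'configured on' header)."""
    enabled, spec, collecting = False, "", False
    for line in (l.strip() for l in show_output.splitlines()):
        if line == "Switch DHCP snooping is enabled":
            enabled = True
        elif line.endswith("configured on following VLANs:"):
            collecting = True
        elif collecting and re.fullmatch(r"[\d,\- ]+", line):
            spec += "," + line  # a long list may wrap onto several lines
        else:
            collecting = False
    return enabled, expand_vlan_list(spec)

def audit(show_output, expected_vlans):
    """List expected VLANs that the switch does not report as snooped."""
    enabled, active = snooping_vlans(show_output)
    missing = sorted(set(expected_vlans) - active)
    return {
        "globally_enabled": enabled,
        "missing": missing,
        # IDs above 255 are the range the reply ties to CSCse03859.
        "missing_above_255": [v for v in missing if v > 255],
    }

if __name__ == "__main__":
    # 311 is the access VLAN from the post; 1 and 56 are constructed extras.
    print(audit(SAMPLE_OUTPUT, [1, 56, 311]))
```

Running the same audit against every switch that received the template shows where the configured range (1-4094) and the VLANs the switch actually reports have diverged.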
09-10-2006 08:52 AM
Hi Arul,
Thanks for the useful reply.
Apart from the fact that our switches are in VTP client mode rather than VTP server mode as described in CSCse03859, the bug seems to accurately describe what we are experiencing.
We are currently running IOS 12.2(25) SEE2 - the IOS that shipped on the device.
According to http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCse03859 the bug has been resolved but no "First Fixed-in Version" is listed. I assume that this means this fix will only be available in a future still to be released version of IOS?
09-10-2006 10:09 AM
Craig,
Your understanding is correct.
The bug is to be fixed in the next release which is tentatively scheduled for sometime in mid December.
As soon as the newer version is posted on Cisco, I would highly recommend that you double check the release notes to make sure the bug is fixed and then do the upgrade.
I hope it helps.
Regards,
Arul