
Problem with DHCP Snooping

uliflocol
Level 1

Hello everyone.

I have a problem with DHCP snooping in Packet Tracer: when I run the command show ip dhcp snooping, it returns the following: "DHCP snooping is operational on following VLANs: none"

I have it configured as follows:

ip dhcp snooping vlan X,X,X,X
no ip dhcp snooping information option
ip dhcp snooping

On trunk interfaces I have trust enabled and on access interfaces the limit rate; however, I get the message I mentioned at the beginning, and DHCP does not assign me addresses unless I turn off DHCP snooping globally. What could be happening?

Thanks in advance

 


16 REPLIES

Hi

 Did you create the VLAN on the switch?

Attach the PacketTracer file here. Zip it first.

Yes, "show vlan brief" displays active VLANs

 

I had success running the command. It might be some problem on your end. Try to close the project and open it again.

I did not change any configuration.

 

 

SW1#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10,20,30,100
DHCP snooping is operational on following VLANs:
none
Smartlog is configured on following VLANs:
none
Smartlog is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is disabled
circuit-id default format: vlan-mod-port
remote-id: 000C.CF1A.D759 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------
GigabitEthernet1/0/3       yes        yes             unlimited
  Custom circuit-ids:
GigabitEthernet1/0/5       no         no              5
  Custom circuit-ids:
GigabitEthernet1/0/1       yes        yes             unlimited
  Custom circuit-ids:
GigabitEthernet1/0/2       yes        yes             unlimited
  Custom circuit-ids:
SW1#

"DHCP snooping is operational on following VLANs: none"

Is that message normal? When I try to obtain IP by DHCP on any PC it does not allow me

 

 It is not normal but as I said there might be some problem on your file. When I run the command I got the right output. 

 Try to close the project and open again. Or add a new switch and configure it again

I have tried to configure the SW again, close the file multiple times and that message continues to appear, in addition to the fact that DHCP does not give addresses

On this file, the DHCP is working. But you put too much config at once. Let's try to go slowly just to see what is wrong.

 Try to add the DHCP snoop config and test.

DHCP doesn't work for me. I downloaded the file and ran it, I tried the DHCP and it doesn't give me addresses. It only gives it to me if I turn off snooping with the no ip dhcp snooping command

 I will take a look and get back to you.

Thank you so much. Another question: why doesn't it allow me to enable the "ip nat outside" command on the interface that faces the internet? Nothing related to NAT appears when I enter the interface.

Hello,

About the NAT: you need to configure it on the interface vlan. It is not accepted on the physical interface. This is not like a router.

conf t
interface vlan 100
ip nat (inside/outside)

About the DHCP snooping: there is nothing wrong with your config. At least on the file I am attaching.

But here is the problem. The port-channel should be a trust port. It turns out that in PacketTracer you cannot do that. On a real device you can. So, if you configure the physical interface like you did, this is not reflected on the Port-channel. Actually it should be the opposite: configuration on the port-channel will be reflected on the physical interface.

You can prove that by changing Yoali (Ingeniería) to vlan 20 and Miguel (Gerencia) to vlan 30. Because this way, they will not cross the DHCP request through the Port-channel. The DHCP request will be sent to the router on the same switch and the router will send it as unicast to the DHCP server.
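
An added example, not part of the original posts: a Python check over the `show ip dhcp snooping` output posted in this thread that reports VLANs configured but not operational, and EtherChannel bundles whose member ports are trusted while the Port-channel itself is not. The bundle name and membership (`Port-channel1` with Gi1/0/1 and Gi1/0/2) are assumptions, since the thread does not state them.

```python
import re

# Output posted in the thread (SW1), compacted to the lines the check needs.
SHOW_OUTPUT = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10,20,30,100
DHCP snooping is operational on following VLANs:
none
Interface Trusted Allow option Rate limit (pps)
GigabitEthernet1/0/3 yes yes unlimited
GigabitEthernet1/0/5 no no 5
GigabitEthernet1/0/1 yes yes unlimited
GigabitEthernet1/0/2 yes yes unlimited
"""

# Assumption: bundle name and member ports are hypothetical, not from the thread.
PORT_CHANNELS = {"Port-channel1": ["GigabitEthernet1/0/1", "GigabitEthernet1/0/2"]}

def vlan_list(text, kind):
    """VLAN set listed under 'DHCP snooping is <kind> on following VLANs:'."""
    m = re.search(rf"DHCP snooping is {kind} on following VLANs:\s*\n\s*(\S+)", text)
    if not m or m.group(1).lower() == "none":
        return set()
    vlans = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition("-")          # handles ranges such as 10-12
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trust_table(text):
    """Map interface name -> trusted (bool) from the trust/rate table rows."""
    row = r"^\s*(\S+Ethernet\S+|Port-channel\d+)\s+(yes|no)\s+(?:yes|no)\s+\S+"
    return {n: t.lower() == "yes" for n, t in re.findall(row, text, re.M | re.I)}

def audit(text, port_channels):
    findings = []
    idle = vlan_list(text, "configured") - vlan_list(text, "operational")
    if idle:
        findings.append(f"configured but not operational VLANs: {sorted(idle)}")
    trust = trust_table(text)
    for po, members in port_channels.items():
        # Trust set only on member ports does not make the bundle trusted.
        if not trust.get(po, False) and any(trust.get(m) for m in members):
            findings.append(f"{po}: members trusted but bundle is not")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SHOW_OUTPUT, PORT_CHANNELS)))
```
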

About PAT, how can I translate 150.1.1.2 (int g1/0/24) to Vlan 100 IP?

I tried to configure

interface vlan 100 
ip nat inside

But it's not clear to me how to get to the interface 150.1.1.1 (Internet) because I can't configure nat on the interface with No switchport.

 

 

About Snooping, Thank you so much, It was pretty clear to me, thanks for your time.

I recommend you use a router instead. As the "Internet" is actually a router, it would be easier for you to put a router on your side and do the config on the router.

 In order to do it on the switch, you need the port between the switch and Internet to be in Layer 2, and then you add it to Vlan 100 and do the NAT on vlan 100. But if you put the interface in Layer 2 on the switch, you end up having a problem on the Internet site.

I understand, thanks for everything