
Need Help to configure DAI and DHCP Snooping on my LAB

omessadi
Beginner

Hello,
I would like a hand to set up DAI and DHCP snooping on this configuration.
It seems I have done everything right, but when I connect a PC to the SW-A, I get this message:
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCP DISCOVER, MAC sa: 0010.11D2.E395

Yet option 82 is disabled.

Thanks in advance.

 

ACCEPTED SOLUTION

MHM Cisco World
Advisor

PKT limitation
The port-channel is not configured with IP DHCP snooping or IP ARP inspection; I tried, and you cannot configure it.
If the config of a port-channel member port is different from the port-channel config, unpredictable behavior happens, or the PO even fails "in a real network".
Try the same config but
with a PO between the SW

Configure the access SW with
no ip dhcp snooping information option <- this removes Op82 before sending the DHCP packet to the core SW
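
To illustrate the two conditions named in the log message (non-zero giaddr, or option 82 present, on an untrusted port), here is an added example that is not part of the original posts. It is a simplified model, not Cisco's implementation; the function names and the sample packets are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255

def parse_dhcp(payload: bytes):
    """Return (giaddr, {option_code: value}) for a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    giaddr = ".".join(str(b) for b in payload[24:28])  # relay agent address
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:  # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2 : i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return giaddr, options

def snooping_verdict(payload: bytes, port_trusted: bool) -> str:
    """Simplified model of the check behind DHCP_SNOOPING_NONZERO_GIADDR."""
    giaddr, options = parse_dhcp(payload)
    if port_trusted:
        return "forward"
    if giaddr != "0.0.0.0":
        return "drop: non-zero giaddr on untrusted port"
    if OPT_RELAY_INFO in options:
        return "drop: option 82 on untrusted port"
    return "forward"

def build_discover(mac: bytes, giaddr: bytes = b"\0" * 4, opt82: bytes = b"") -> bytes:
    """Build a constructed DHCP DISCOVER; opt82 is a raw option 82 value."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                        b"", b"", b"", giaddr, mac, b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, 1])  # message type 1 = DISCOVER
    if opt82:
        opts += bytes([OPT_RELAY_INFO, len(opt82)]) + opt82
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

if __name__ == "__main__":
    mac = bytes.fromhex("001011D2E395")  # MAC from the log line in the question
    circuit_id = b"\x01\x06\x00\x04\x00\x0a\x00\x01"  # constructed sub-option 1
    for name, pkt in [("from PC", build_discover(mac)),
                      ("option 82 inserted", build_discover(mac, opt82=circuit_id))]:
        print(name, "->", snooping_verdict(pkt, port_trusted=False))
```

The same DISCOVER is forwarded when the receiving port is trusted, which is why the uplink between the switches has to be a trusted port or the access switch has to stop inserting option 82.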


13 REPLIES

MHM Cisco World
Advisor

Can you share the lab here?

I cannot open the zip file.

Share it as text.

omessadi
Beginner

OK, I want to share it in text format, but how?

omessadi
Beginner

Here is a new ZIP file

Incompatible with my PKT, sorry.
If you want, share it as text.

MHM Cisco World
Advisor

Anyway,
you need this:

no ip dhcp snooping verify no-relay-agent-address

omessadi
Beginner

Thanks,

Commands are not working.

I'm using PT V8.1.0.0722

OK, just draw the topology with notes about the config and do a print screen, and I will do the lab and see.

omessadi
Beginner

Here is the screenshot. I can also post all the switch configs if you want me to.

Thanks a lot

omessadi
Beginner

I'm trying to find the issue.

When I use a DHCP server behind the 290, and trust the link port, it works correctly.

But when I use the 3650 as a DHCP, with the same configuration, it does not work!!

I installed PKT ver. 8 and see your lab now.
There are many things that need to be checked.
I will update you after a couple of hours.

Case 1
PC-L2SW-L3SW
On the L2SW you can configure:
DHCP snooping
no DHCP snooping information option
ARP inspection
The L2SW-L3SW link must be trusted

L3SW
Configure the SVI of the VLAN
NO DHCP snooping
NO ARP inspection
HSRP
DHCP pool

This WORKS and I tested it.

Case 2
L3SW config
DHCP snooping
DHCP pool
Here I need more time to check this issue.

MHM Cisco World
Advisor

Not 100% sure that it is a PKT limitation.
DHCP snooping with a LOCAL DHCP server fails; that is why the external DHCP server succeeds.
Why not 100% sure? Because of the Cisco statement that
DHCP SNOOPING must not run in a VLAN that is configured with a LOCAL DHCP POOL.

But let's assume that DHCP snooping cannot work with a local DHCP pool.
