Résolu : Need Help to configure DAI and DHCP Snooping on my LAB

omessadi · ‎22-07-2022

Bonjour,
Je voudrais un coup de main pour configurer la surveillance DAI et DHCP sur cette configuration.
Il semble que j'ai tout fait correctement, mais lorsque je connecte un PC au SW-A, j'obtiens ce message :
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCP DISCOVER, MAC sa: 0010.11D2.E395

Pourtant l'option 82 est désactivée.

Merci d'avance.

Hello,
I would like a hand to set up DAI and DHCP snooping on this configuration.
It seems I have done everything right, but when I connect a PC to the SW-A, I get this message:
%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCP DISCOVER, MAC sa: 0010.11D2.E395

Yet option 82 is disabled.

Thanks in advance.

MHM Cisco World · ‎24-07-2022

PKT limitation
Port-channel not config with IP DHCP snooping nor IP AP inspection, and I try and you can not config it.
if the port member of Port-channel config is different than the port-channel config the unpredictable behave happened or even the PO failed "in real network".
try same config but
with PO between SW

the Access SW config with
no ip dhcp snooping information option <- this remove Op82 before send DHCP packet to Core SW

Voir la solution dans l'envoi d'origine

MHM Cisco World · ‎22-07-2022

Can you share lab here,

I can not open zip file.

Share as text

omessadi · ‎22-07-2022

Ok, i want to share it in text format, but how ?

omessadi · ‎22-07-2022

Here is a new ZIP file

MHM Cisco World · ‎22-07-2022

incompatible with my PKT, Sorry.
if you want share as text.

MHM Cisco World · ‎22-07-2022

anyway
you need this

no ip dhcp snooping verify no-relay-agent-address

omessadi · ‎24-07-2022

Thks,

commands are not working.

I'm using PT V8.1.0.0722

MHM Cisco World · ‎24-07-2022

OK, only draw of topolgy with note about config and do print screen and I will do lab and see

omessadi · ‎24-07-2022

Here is screen shot, I can also put all swtich conf if you want me to do it.

Thks A lot

omessadi · ‎24-07-2022

Im' trying to find issue,

When I use a DHCP server behind the 290, and trust the link port, it works correctly.

But when I use the 3650 us a DHCP, with the same configuration, is doest not works !!

MHM Cisco World · ‎24-07-2022

I install PKT ver. 8 and see your lab now,
there are many think need to check.
I will update you after couple hours

MHM Cisco World · ‎24-07-2022

Case1
PC-L2SW-L3SW
in L2SW you can config
DHCP snooping
no DHCP snooping information option
ARP inspect
L2SW-L3SW must be trust

L3SW
config SVI of VLAN
NO dhcp snooping
NO ARP inspect
HSRP
DHCP Pool

this WORK and I test it

Case2
L3SW config
DHCP snooping
DHCP Pool
here I need more time to check this issue

MHM Cisco World · ‎24-07-2022

PKT limitation
Port-channel not config with IP DHCP snooping nor IP AP inspection, and I try and you can not config it.
if the port member of Port-channel config is different than the port-channel config the unpredictable behave happened or even the PO failed "in real network".
try same config but
with PO between SW

the Access SW config with
no ip dhcp snooping information option <- this remove Op82 before send DHCP packet to Core SW

MHM Cisco World · ‎24-07-2022

Not 100% Sure that PKT limitation
the DHCP snooping with LOCAL DHCP Server is failed, that why the external DHCP Server success.
why not 100% sure because cisco statement that
DHCP SNOOPING must not run in VLAN that config with DHCP POOL LOCAL.

but let assume that any DHCP snooping can not work with Local DHCP Pool.

Need Help to configure DAI and DHCP Snooping on my LAB

Liens rapides