07-12-2019 08:43 AM
Hi guys, I have my ISP modem with DHCP (which is by default, and I can't have access to that device) connected to my 1841 router and then a 2960 switch also with DHCP (I configured this DHCP pool) facing my network.
Sometimes, and I don't know why, when I plug in some devices or restart them I get the DHCP from my gateway and not from my SWITCH... and I think that's weird because the switch is literally the end device of my entire network... so why is this happening?
I tried to do DHCP snooping on the switch, but I can't tell how to configure the interface facing my router to be an untrusted DHCP port... the only option I have is setting a port to be a DHCP trusted interface, but the thing is that my entire switch handles the DHCP... do I have to set as trusted all the interfaces except my interface facing the router?
Thanks in advance and sorry if I can't explain well.
07-12-2019 08:51 AM - edited 07-12-2019 08:52 AM
If your SWITCH was your DHCP server, then I advise setting up all the interfaces as access ports with VLAN X
ip dhcp snooping
interface VLAN X
 ip address x.x.x.x 255.255.255.0
 ip helper-address x.x.x.1
Or post your switch configuration for the right syntax.
Also post sh ip dhcp snoop bind
07-12-2019 08:55 AM
07-12-2019 09:06 AM
You need to exclude addresses from the DHCP reservation
ip dhcp excluded-address 10.1.1.1 10.1.1.2 <--so this will remove from the pool
07-12-2019 09:23 AM
Why would I do that? In fact the first 100 IPs are excluded
07-12-2019 09:29 AM
We do not have visibility of that exclude list config, so I assumed it was not excluded as per the config below (so I made the suggestion).
ip dhcp pool 10
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 192.168.100.1
What is the IP address you are getting Router?
07-12-2019 09:06 AM
- No, by default all interfaces are untrusted (for DHCP requests and answers); I suspect a bug in the DHCP snooping configuration part of the switch. You may post the relevant statements from the configuration. BTW if you are seeing link-local addresses being assigned to your devices, as the modem may assign too, it may be that your device is just not getting an address at all (because sometimes that is the default behavior of the local network on the device).
M.
07-12-2019 09:26 AM
I forgot to mention that the behaviour was happening without the "ip dhcp snooping" command...
By enabling DHCP snooping will it work? I didn't know that by enabling it all ports were considered untrusted.
07-15-2019 03:39 AM
You mention a router between your modem and your switch.
DHCP broadcasts should not be forwarded by this router unless you configured an ip-helper.
If the router is not physically between the devices but logically, then there is another explanation.