DHCP snooping inside a switch

Lucas Rene
Level 1

Hi guys, I have my ISP modem with DHCP (which is by default, and I can't have access to that device) connected to my 1841 router and then a 2960 switch also with DHCP (I configured this DHCP pool) facing my network.

Sometimes, and I don't know why, when I plug in some devices or restart them I get the DHCP from my gateway and not from my SWITCH... and I think that's weird because the switch is literally the end device from my entire network... so why is this happening?

I tried to do DHCP snooping in the switch, but I can't tell how to configure the interface facing my router to be an untrusted DHCP port... the only option I have is securing a port to be a DHCP trusted interface, but the thing is that my entire switch handles the DHCP... do I have to set as a trusted interface all the interfaces except my interface facing the router?

Thanks in advance and sorry if I can't explain well.

CCENT
8 Replies

balaji.bandi
Hall of Fame

If your switch was your DHCP server, then I advise setting up all the interfaces as access ports with VLAN X.

ip dhcp snooping

interface VLAN X
ip address x.x.x.x 255.255.255.0
ip helper-address x.x.x.1

Or post your switch configuration for the right syntax.

Also post sh ip dhcp snoop bind

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, I have my DHCP server in my switch and the access ports are configured with VLAN 10, but besides this sometimes they get first the DHCP from the gateway...

ip dhcp pool 10
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 192.168.100.1


interface Vlan10
ip address 10.1.1.2 255.255.255.0
no ip route-cache
CCENT

You need to exclude addresses from the DHCP reservation.

ip dhcp excluded-address 10.1.1.1 10.1.1.2  <-- so this will remove them from the pool

BB


Why would I do that? In fact the first 100 IPs are excluded.

CCENT

We do not have visibility of that exclude list config, so I assumed it was not excluded as per the config below (so I made the suggestion).

ip dhcp pool 10
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 192.168.100.1

What IP address are you getting from the router?

BB


marce1000
VIP

 - No, by default all interfaces are untrusted (for DHCP requests and answers); I suspect a bug in the DHCP snooping configuration part of the switch. You may post the relevant statements from the configuration. BTW, if you are seeing link-local addresses being assigned to your devices, as the modem may assign too, it may be that your device is just not getting an address at all (because sometimes that is the default behavior of the local network on the device).

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

I forgot to mention that behaviour was happening without the "ip dhcp snooping" command...

By enabling DHCP snooping will it work? I didn't know that by enabling it all ports were considered untrusted.

CCENT

You mention a router between your modem and your switch.

DHCP broadcasts should not be forwarded by this router unless you configured an ip-helper.

If the router is not physically between the devices but logically, then there is another explanation.
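
As an added example (not part of any post in this thread), here is a defender-side check for the symptom discussed above: it parses the UDP payload of a DHCP reply and flags an OFFER or ACK whose server identifier (option 54) is not the switch SVI 10.1.1.2 from the posted config. The function names, the sample packets and the upstream server address 192.168.100.1 are constructed assumptions, and capturing the payload on the wire is outside the example.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236  # op..file fields that precede the magic cookie
OPT_PAD, OPT_END, OPT_MSG_TYPE, OPT_SERVER_ID = 0, 255, 53, 54
DHCPOFFER, DHCPACK = 2, 5
# Assumption: the only legitimate server is the switch SVI from the thread.
AUTHORIZED_SERVERS = {ipaddress.ip_address("10.1.1.2")}

def parse_options(data):
    """Walk the TLV option field; return {code: value}. Raises on truncation."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def inspect_reply(payload):
    """Return (msg_type, offered_ip, server_ip) for a BOOTP reply payload."""
    if len(payload) < BOOTP_FIXED_LEN + 4 or payload[0] != 2:
        raise ValueError("not a BOOTP reply")
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts = parse_options(payload[BOOTP_FIXED_LEN + 4:])
    if len(opts.get(OPT_MSG_TYPE, b"")) != 1 or len(opts.get(OPT_SERVER_ID, b"")) != 4:
        raise ValueError("missing message type or server identifier")
    offered = ipaddress.ip_address(payload[16:20])  # yiaddr field
    return opts[OPT_MSG_TYPE][0], offered, ipaddress.ip_address(opts[OPT_SERVER_ID])

def is_rogue(payload, authorized=AUTHORIZED_SERVERS):
    """True when an OFFER/ACK comes from a server outside the allowed set."""
    msg_type, _, server = inspect_reply(payload)
    return msg_type in (DHCPOFFER, DHCPACK) and server not in authorized

def build_reply(msg_type, yiaddr, server_id):
    """Constructed sample: minimal BOOTP reply carrying options 53 and 54."""
    fixed = bytearray(BOOTP_FIXED_LEN)
    fixed[0:3] = bytes([2, 1, 6])  # op=reply, htype=Ethernet, hlen=6
    fixed[16:20] = ipaddress.ip_address(yiaddr).packed
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + ipaddress.ip_address(server_id).packed
    return bytes(fixed) + MAGIC_COOKIE + opts + bytes([OPT_END])
```
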
