DHCP Snooping Log Results-What Is It

mrashby
Level 1

All,

I have DHCP Snooping running on my switches. I got a few interesting things in the logs and just need someone to help me decipher what is going on.

1. Feb 23 13:52:46.273 EST: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0014.60f4.8184

2. Feb 24 03:09:30.923 EST: %DHCP_SNOOPING-4-AGENT_OPERATION_FAILED: DHCP snooping binding transfer failed. Unable to access URL.

3. Feb 24 09:03:06.394 EST: %DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPRELEASE, chaddr: 4e4d.ab54.bdf1, MAC sa: 0015.587f.effe

Thanks for any help.


yjdabear
VIP Alumni

In case you're not aware, Cisco provides a handy Output Interpreter tool:

https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl

E.g.:

%DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT (x1): [char] drop message
on untrusted port message type: [char]  MAC sa: [mac-addr]

Explanation: The DHCP snooping feature discovered certain types of DHCP messages
not allowed on the untrusted interface, indicating some host may be trying to act
as a DHCP server. The packet will be dropped.

Recommended Action: This is an informational message only. No action is required.

Thanks, this is actually proving quite useful.

dplaizb_0817
Level 1

Now I also have this problem:

Jan 21 2016 09:17:48 BJT: %DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPDISCOVER, chaddr: 00c2.c629.7efe, MAC sa: 3c97.0ecd.7c00

I'm on a remote connection. Now I want to know how to find the interface the untrusted DHCP server is connected to, and then shut down the interface.
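
An added example, not part of any post in this thread: a small Python parser that groups the `%DHCP_SNOOPING` drop messages quoted above by source MAC and labels each one. The function names and label strings are assumptions made for this illustration; the sample input is the four log lines posted in the thread.

```python
import re
from collections import defaultdict

# Log lines copied from the posts in this thread.
SAMPLE_LOG = """\
Feb 23 13:52:46.273 EST: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0014.60f4.8184
Feb 24 03:09:30.923 EST: %DHCP_SNOOPING-4-AGENT_OPERATION_FAILED: DHCP snooping binding transfer failed. Unable to access URL.
Feb 24 09:03:06.394 EST: %DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPRELEASE, chaddr: 4e4d.ab54.bdf1, MAC sa: 0015.587f.effe
Jan 21 2016 09:17:48 BJT: %DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPDISCOVER, chaddr: 00c2.c629.7efe, MAC sa: 3c97.0ecd.7c00
"""

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
HEADER_RE = re.compile(r"%DHCP_SNOOPING-(\d)-([A-Z_]+):")
FIELD_RES = {
    "msg_type": re.compile(r"message type: (DHCP[A-Z]+)"),
    "chaddr": re.compile(rf"chaddr: ({MAC})"),
    "mac_sa": re.compile(rf"MAC sa: ({MAC})"),
}
# Message types that only a DHCP server sends (RFC 2131).
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

def parse_line(line):
    """Return a dict for a DHCP snooping syslog line, or None for other lines."""
    header = HEADER_RE.search(line)
    if not header:
        return None
    event = {"severity": int(header.group(1)), "mnemonic": header.group(2)}
    for name, rx in FIELD_RES.items():
        found = rx.search(line)
        event[name] = found.group(1) if found else None  # field may be absent
    return event

def classify(event):
    """Label an event (label strings are this example's own wording)."""
    if (event["mnemonic"] == "DHCP_SNOOPING_UNTRUSTED_PORT"
            and event["msg_type"] in SERVER_MESSAGES):
        return "server message on untrusted port"
    if event["mnemonic"] == "DHCP_SNOOPING_MATCH_MAC_FAIL":
        return "chaddr differs from source MAC"
    return "other"

def summarize(log_text):
    """Map each source MAC to the (label, message type, chaddr) drops it caused."""
    by_mac = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["mac_sa"]:  # skip lines with no source MAC
            by_mac[event["mac_sa"]].append(
                (classify(event), event["msg_type"], event["chaddr"]))
    return dict(by_mac)

if __name__ == "__main__":
    for mac, drops in summarize(SAMPLE_LOG).items():
        print(mac, drops)
```

The source MACs it returns are the values to look up in the switch's MAC address table when locating the port involved.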