
ESXi nested --- with dhcp snooping enabled --- ARP question

CCBCCPRO
Level 1

I've got an issue/question about using DHCP snooping (Cisco router/two switches) and a nested instance of ESXi 7.0 on my iMac 2019.

I've got a typical config of DHCP snooping on the switches which works as designed with three VLANs on the network -- VLANs 10, 13 and 21. On my iMac, I have a single NIC with VLANs configured so the iMac can get an IP address on each VLAN. So far so good, works as intended.

The ESXi instance itself is configured to get DHCP from the router on VLAN 21 and I have a DHCP pool on the router just for the MAC address of the ESXi NIC. But DHCP snooping blocks the discover/assignment because it sees the source MAC address as coming from the iMac's NIC. I can turn off DHCP snooping on VLAN 21 and the ESXi NIC can get an IP address, as well as any guests I have built on the server --- but the ARP tables on the router and the switches show the MAC address of the iMac, not the MAC addresses of the ESXi server or the guests.

I have promiscuous mode enabled on the vSwitch in ESXi, thinking that would do it, but it's not. When I turn off DHCP snooping on VLAN 21 and use the MAC address of the ESXi server in the DHCP pool, it gets assigned like normal --- same with the guests. But ARP still shows the MAC address of the iMac instead.

 

I'm sure it's something simple but I can't figure it out. I would like to have DHCP snooping working for the ESXi guests and have the MAC address of the ESXi node and guests show up in ARP. Anybody know how I can do this?

 

Config from switches:

C3560CX-01#sho ip dhcp snooping
Switch DHCP snooping is enabled
Switch DHCP gleaning is disabled
DHCP snooping is configured on following VLANs:
10,13,17
DHCP snooping is operational on following VLANs:
10,13,17
Smartlog is configured on following VLANs:
none
Smartlog is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: dcce.c138.2480 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is disabled
Verification of giaddr field is disabled
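
An audit helper for the show ip dhcp snooping output above, added here as an example and not part of the original post: it parses the global flags and VLAN lists and reports, for each VLAN you expect to be protected, whether snooping is operational on it. SAMPLE is an excerpt of the posted output; the function names and the handling of hyphenated VLAN ranges are assumptions of this example.

```python
import re

# Excerpt of the output posted above (C3560CX-01), embedded so this runs offline.
SAMPLE = """\
Switch DHCP snooping is enabled
Switch DHCP gleaning is disabled
DHCP snooping is configured on following VLANs:
10,13,17
DHCP snooping is operational on following VLANs:
10,13,17
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is disabled
Verification of giaddr field is disabled
"""

def expand_vlans(spec):
    """Expand '10,13,17' or '10-12,21' into a set of ints; 'none' gives an empty set."""
    vlans = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part.strip())
        if m:  # skips 'none', blanks and any non-VLAN text
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            vlans.update(range(lo, hi + 1))
    return vlans

def parse_snooping(text):
    """Parse the command output into global flags and configured/operational VLAN sets."""
    lines = [line.strip() for line in text.splitlines()]
    state = {"configured": set(), "operational": set()}
    for i, line in enumerate(lines[:-1]):
        m = re.match(r"DHCP snooping is (configured|operational) on following VLANs:", line)
        if m:  # the VLAN list is printed on the line after the header
            state[m.group(1)] = expand_vlans(lines[i + 1])
    state["enabled"] = "Switch DHCP snooping is enabled" in lines
    state["option82_insert"] = "Insertion of option 82 is enabled" in lines
    state["verify_hwaddr"] = "Verification of hwaddr field is enabled" in lines
    return state

def coverage(state, wanted):
    """Map each wanted VLAN to 'operational', 'configured-only' or 'not-snooped'."""
    def status(vlan):
        if state["enabled"] and vlan in state["operational"]:
            return "operational"
        return "configured-only" if vlan in state["configured"] else "not-snooped"
    return {vlan: status(vlan) for vlan in sorted(wanted)}

if __name__ == "__main__":
    st = parse_snooping(SAMPLE)
    print(coverage(st, {10, 13, 21}), "verify_hwaddr:", st["verify_hwaddr"])
```
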

 

 
