Solved: Re: DHCP and port-security

amizi · ‎02-28-2022

Hi.

I'm trying to understand why the DHCP of Vlan 1001 doesn't issue ip address to both PCs (3&4).

The switch next to the HUB has a port-security which allows only 1 MAC address to be learnt.

Can anyone explain it to me? What did I do wrong?

Thanks!

Seb Rupik · ‎03-02-2022

Hi there,

When I ran the PT file, PC4 received an address via DHCP, PC3 did not. This is down to the port-security creating a race condition between the two PCs which you have configured on Switch1 Fa0/6.

Make the following changes to Switch1 to ensure DHCP works properly and promptly.

!! Switch1
!
int Fa0/5 
 spanning-tree portfast 
!
int Fa0/6
 switchport port-security maximum 2
!

cheers,

Seb.

View solution in original post

Seb Rupik · ‎03-02-2022

Hi there,

When I ran the PT file, PC4 received an address via DHCP, PC3 did not. This is down to the port-security creating a race condition between the two PCs which you have configured on Switch1 Fa0/6.

Make the following changes to Switch1 to ensure DHCP works properly and promptly.

!! Switch1
!
int Fa0/5 
 spanning-tree portfast 
!
int Fa0/6
 switchport port-security maximum 2
!

cheers,

Seb.

amizi · ‎03-02-2022

Thanks for the reply.
I want to allow only 1 MAC address to be learnt, the "maximum 2" will allow more than one, isn't it?

Seb Rupik · ‎03-03-2022

Yes, maximum 2 will allow the MAC address of both PCs to be learnt and permitted to ingress Fa0/6. You need to permit both to allow the Ethernet frame carrying the DHCP Discovery and subsequent packets of both PCs to the DHCP server.

The spanning-tree portfast just allows the switchport which the DHCP server is connected it to begin forwarding sooner and therefore servicing DHCP packets.

cheers,

Seb.