09-05-2017 12:19 PM - edited 03-10-2019 12:53 AM
I have a network with a collapsed core/distribution layer and an access layer. If I connect a PC with DHCP client enabled onto the collapsed core, it gets a lease, so I know my DHCP server, helper addresses, etc. are all working OK.
If I connect a trunk between Core/distribution and access, and configure an access port correctly, as expected I get a lease, so that proves the access switch and the trunk.
OK, now the weird part. If I set up DHCP snooping on the access switch ONLY, trust the port on the access switch that supports the trunk, then I still get a lease, but if I move the trunk to another port, correctly configured, but without DHCP trust, I STILL get a lease, when I expected to get none...
Config details:
Core/Dist switch: no DHCP snooping config at all
access switch:
! Global Config
!
ip dhcp snooping vlan 10
ip dhcp snooping
!
! Per Port configuration
!
interface GigabitEthernet0/1
 description ##correctly configured trunk port - should support DHCP##
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 ip dhcp snooping trust
!
interface GigabitEthernet0/2
 description ##correctly configured access port - should support DHCP##
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description ## incorrectly configured trunk port - should NOT support DHCP##
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
What am I doing wrong? The setup seems to comply with all requirements, but DHCP snooping is not blocking DHCP info from the wrongly-configured trunk port.
Thanks
Jim
09-06-2017 05:05 AM
- Debugging acquired DHCP leases can be confusing; devices tend to revert to previous settings if no reply is received from the DHCP server; so check the DHCP server's logs too, so as to re-verify whether a new DHCP request was received or not.
M.
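One way to carry out the log check suggested in the reply above, as an added example that is not part of the original thread. It assumes the DHCP server is ISC dhcpd logging to syslog (the thread does not say which server is in use); the log lines, MAC addresses and times are constructed, and `lease_evidence` with its return labels is a hypothetical helper.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd syslog style (assumed server type).
SAMPLE_LOG = """\
Sep  5 11:40:02 dhcp1 dhcpd[812]: DHCPDISCOVER from 00:50:56:aa:bb:01 via 10.0.10.1
Sep  5 11:40:03 dhcp1 dhcpd[812]: DHCPOFFER on 10.0.10.50 to 00:50:56:aa:bb:01 via 10.0.10.1
Sep  5 11:40:03 dhcp1 dhcpd[812]: DHCPREQUEST for 10.0.10.50 from 00:50:56:aa:bb:01 via 10.0.10.1
Sep  5 11:40:03 dhcp1 dhcpd[812]: DHCPACK on 10.0.10.50 to 00:50:56:aa:bb:01 via 10.0.10.1
Sep  5 12:05:10 dhcp1 dhcpd[812]: DHCPREQUEST for 10.0.10.77 from 00:50:56:aa:bb:02 via 10.0.10.1
Sep  5 12:05:10 dhcp1 dhcpd[812]: DHCPACK on 10.0.10.77 to 00:50:56:aa:bb:02 via 10.0.10.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+dhcpd(?:\[\d+\])?:\s+"
    r"(?P<type>DHCP(?:DISCOVER|OFFER|REQUEST|ACK|NAK))\b.*?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def parse(log_text, year):
    """Yield (timestamp, message type, mac) for each recognised dhcpd line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["type"].upper(), m["mac"].lower()

def lease_evidence(log_text, mac, test_start, year=2017):
    """Classify what the server logged for `mac` at or after `test_start`."""
    seen = [kind for ts, kind, m in parse(log_text, year)
            if m == mac.lower() and ts >= test_start]
    if not seen:
        return "no-server-traffic"  # any address on the client predates the test
    if "DHCPACK" in seen:
        return "new-lease-acked"    # the server answered during this test
    return "no-ack"                 # server logged the client but never an ACK

if __name__ == "__main__":
    start = datetime(2017, 9, 5, 12, 0, 0)  # constructed: when the trunk was moved
    for mac in ("00:50:56:aa:bb:01", "00:50:56:aa:bb:02"):
        print(mac, lease_evidence(SAMPLE_LOG, mac, start))
```

A result of `no-server-traffic` for the test client while it still shows an address matches the situation described in the reply: the client kept earlier settings rather than obtaining a new lease.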
09-06-2017 12:12 PM
Hey Marce
Thanks for spotting my newbie error, you got it in one!
The PC was reusing its earlier leased address...a change of test sequence and the behaviour was as expected.
Just shows, there's no fool like an old fool!
Jim