DHCP snooping with PXE boot

Hello,

I want to check with you if someone has already run into this problem. My scenario is quite simple:

4500 or 3850 as access --- 6807 as distribution

The access layer is configured with DHCP snooping and no ip dhcp snooping information option; there is nothing configured on the distribution since there is no user connectivity over there.

The problem that I'm having is that clients with PXE Boot option were not able to receive any IP address from either the DHCP or the PXE server; clients without this option are able to receive a DHCP address from the DHCP server.

Key notes:

* I already trusted the uplinks from the access towards the distribution

* I already trusted the connection to the PXE servers

* Configured no ip dhcp snooping information option command

* SVI configured on the Distribution Switch; the access switch is a Layer 2 device

If I run a debug on the MAC address this is the output:

Aug 16 16:23:22.511 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:22.511 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:22.511 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
Aug 16 16:23:22.511 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:22.512 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
Aug 16 16:23:22.516 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi1/25, MAC da: ffff.ffff.ffff, MAC sa: f8b1.56b3.b044, IP da: 255.255.255.255, IP sa: 10.82.212.246, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 10.82.212.246, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
FSAR-COE23052-SW#
Aug 16 16:23:22.517 CDT: DHCP_SNOOPING: message type : DHCPOFFER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 10.82.212.246, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:22.517 CDT: DHCP_SNOOPING: direct forward dhcp replyto output port: GigabitEthernet1/27.
FSAR-COE23052-SW#
Aug 16 16:23:26.520 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:26.520 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:26.520 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:26.520 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:26.521 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#
Aug 16 16:23:30.529 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:30.529 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:30.530 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:30.530 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:30.530 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#
Aug 16 16:23:34.543 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:34.543 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:34.543 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:34.543 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:34.544 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#
Aug 16 16:23:38.548 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:38.549 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:38.549 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:38.549 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:38.549 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#
Aug 16 16:23:42.558 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:42.558 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:42.558 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:42.558 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:42.559 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#
Aug 16 16:23:46.568 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:46.568 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:46.568 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:46.568 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:46.569 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#
Aug 16 16:23:50.577 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:50.578 CDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:50.578 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)
FSAR-COE23052-SW#
Aug 16 16:23:50.578 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet1/25, vlan 212.
Aug 16 16:23:50.578 CDT: DHCP_SNOOPING_SW: bridge packet send packet to port: Port-channel2, vlan 212.
FSAR-COE23052-SW#

From this debug, the important part, from my perspective, is the next line:

Aug 16 16:23:26.520 CDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (212)

All the solutions that I've been searching point to disabling the information option, which I already did.

I made a couple of captures that I'll upload to the case. If you filter on bootp in those packet captures, you'll see that when DHCP Snooping is disabled the DHCP server and the PXE server will respond to the DHCPREQUEST; when I enable DHCP Snooping there is no response from the SVI.

I hope that someone could help me on this problem.

Thanks
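
A way to condense a `DHCP_SNOOPING` debug like the one above into a per-client summary, added here as an example and not part of the original post: it counts DISCOVERs per `chaddr`, lists each OFFER with its ingress port and source IP, and flags OFFERs whose `yiaddr` is 0.0.0.0. The function names and the choice of sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Four lines copied verbatim from the debug output in the post above.
SAMPLE = """\
Aug 16 16:23:22.511 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:22.516 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi1/25, MAC da: ffff.ffff.ffff, MAC sa: f8b1.56b3.b044, IP da: 255.255.255.255, IP sa: 10.82.212.246, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 10.82.212.246, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
Aug 16 16:23:22.517 CDT: DHCP_SNOOPING: direct forward dhcp replyto output port: GigabitEthernet1/27.
Aug 16 16:23:26.520 CDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/27, MAC da: ffff.ffff.ffff, MAC sa: ecf4.bb29.675e, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: ecf4.bb29.675e
"""

PKT = re.compile(
    r"process new DHCP packet, message type: (?P<type>\w+), "
    r"input interface: (?P<port>[^,\s]+), .*?IP sa: (?P<ip_sa>[\d.]+), "
    r".*?DHCP yiaddr: (?P<yiaddr>[\d.]+), .*?DHCP chaddr: (?P<chaddr>[0-9a-f.]+)"
)
FWD = re.compile(r"direct forward dhcp replyto output port: (?P<port>[\w/-]+)")


def summarize(log_text):
    """Per client (chaddr): DISCOVER count and every OFFER the switch processed."""
    clients = defaultdict(lambda: {"discovers": 0, "offers": []})
    last_offer = None
    for line in log_text.splitlines():
        pkt, fwd = PKT.search(line), FWD.search(line)
        if pkt and pkt["type"] == "DHCPDISCOVER":
            clients[pkt["chaddr"]]["discovers"] += 1
        elif pkt and pkt["type"] == "DHCPOFFER":
            last_offer = {
                "in_port": pkt["port"],
                "server": pkt["ip_sa"],
                # yiaddr is the address being handed to the client (RFC 2131);
                # 0.0.0.0 means this OFFER assigns none.
                "assigns_address": pkt["yiaddr"] != "0.0.0.0",
                "forwarded_to": None,
            }
            clients[pkt["chaddr"]]["offers"].append(last_offer)
        elif fwd and last_offer is not None:
            # Snooping logs the egress port right after the reply it forwards.
            last_offer["forwarded_to"] = fwd["port"]
    return dict(clients)


def clients_without_address(log_text):
    """Clients that sent DISCOVERs but never saw an OFFER carrying an address."""
    return sorted(
        mac for mac, c in summarize(log_text).items()
        if c["discovers"] and not any(o["assigns_address"] for o in c["offers"])
    )
```

Run over the full debug, this makes it easy to see which ingress ports replies actually arrived on and whether any of them carried a client address.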