Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3573
Views
5
Helpful
2
Replies

Regarding DHCP snooping

meiyappan
Level 1
Level 1

‎02-12-2015 12:02 AM - edited ‎03-05-2019 12:46 AM

Hi ALL ,

 

we are running dhcp snooping on  our 4506 switch, i got the log message below. Kindly suggest what are the steps need to take.

 

Logs:

 

%DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPACK, MAC sa: xx:xx

Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎02-16-2015 08:49 AM

Hello,

DHCP messages can be divided into two groups depending on whether these message are originated and sent by clients or servers. DHCP client messages are DISCOVER, REQUEST, INFORM, DECLINE, and RELEASE. DHCP server messages are OFFER, ACK, and NAK. DHCP Snooping, beyond a myriad of other checks, makes sure that server messages will only be accepted on trusted ports where legitimate DHCP servers are supposed to be connected. This is to prevent clients from acting as DHCP servers and injecting incorrect or malicious configuration data to clients.

The logging message you have posted says that a server message, in this case, a DHCP ACK, was received on an untrusted port. As DHCP servers are supposed to be connected only to trusted ports, this message suggests that either some of your clients tries to pose as a DHCP server, or that your network is misconfigured/miscabled, with DHCP server messages being received by untrusted ports on which they never should be received.

You should investigate the MAC addresses and other information from the logging message to find out if the station originating these messages is a legitimate DHCP server. If it is then you will need to re-check your network connections and configuration to find out why these messages are arriving to an untrusted port. If that station is an illegitimate DHCP server then it should be inspected and the DHCP server or an infiltration removed.

Best regards,
Peter

Moin Ilyas
Level 4
Level 4

‎02-18-2015 02:27 AM

Please refer to the following link:

https://supportforums.cisco.com/discussion/10841716/dhcp-snooping-log-results-what-it

Hope it helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card