cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
905
Views
5
Helpful
2
Replies
meiyappan
Beginner

Regarding DHCP snooping

Hi ALL ,

 

we are running dhcp snooping on  our 4506 switch, i got the log message below. Kindly suggest what are the steps need to take.

 

Logs:

 

%DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPACK, MAC sa: xx:xx

2 REPLIES 2
Peter Paluch
Hall of Fame Cisco Employee

Hello,

DHCP messages can be divided into two groups depending on whether these message are originated and sent by clients or servers. DHCP client messages are DISCOVER, REQUEST, INFORM, DECLINE, and RELEASE. DHCP server messages are OFFER, ACK, and NAK. DHCP Snooping, beyond a myriad of other checks, makes sure that server messages will only be accepted on trusted ports where legitimate DHCP servers are supposed to be connected. This is to prevent clients from acting as DHCP servers and injecting incorrect or malicious configuration data to clients.

The logging message you have posted says that a server message, in this case, a DHCP ACK, was received on an untrusted port. As DHCP servers are supposed to be connected only to trusted ports, this message suggests that either some of your clients tries to pose as a DHCP server, or that your network is misconfigured/miscabled, with DHCP server messages being received by untrusted ports on which they never should be received.

You should investigate the MAC addresses and other information from the logging message to find out if the station originating these messages is a legitimate DHCP server. If it is then you will need to re-check your network connections and configuration to find out why these messages are arriving to an untrusted port. If that station is an illegitimate DHCP server then it should be inspected and the DHCP server or an infiltration removed.

Best regards,
Peter

Moin Ilyas
Enthusiast

Please refer to the following link:

https://supportforums.cisco.com/discussion/10841716/dhcp-snooping-log-results-what-it

Hope it helps.