
Cat 4506 IP DHCP snooping detailed port statistics

vladakoci
Level 1

Hello,

We had high CPU utilization on our C4506 switch. The IP DHCP Snooping process was the cause. We also saw this in the log:

Aug  7 11:56:48.686: %DHCP_SNOOPING-4-QUEUE_FULL: Fail to enqueue DHCP packet into processing queue: dhcp_snoop_pakQ, the queue is most likely full and packet will be dropped.

and got

#sho ip dhcp snoop stat

Packets Forwarded                                     = 35077762

Packets Dropped                                       = 1657926

Packets Dropped From untrusted ports                  = 11

We would like to be prepared for the next occurrence and want to be sure we quickly identify the port the problems come from.

Debug is not an option as we could make things even worse - high CPU utilization.

There does not seem to be any command available that would show us per-port packet statistics. I also went through the SNMP MIB, but it seems there are no such per-port counters available.

We could look at the general port counters (like Input broadcast). But we think this might not reveal the cause, as the DHCP packet traffic could be relatively low and still cause high CPU utilization, and we have quite a high rate generated by normal traffic, so we could not see clearly from these counters which port could be the cause.

Does anyone know if there is a 'direct' way to look at ports to see what the DHCP packet counters are?

Thank you,

Vlad


vladakoci
Level 1

I've opened a TAC ticket at Cisco asking for a methodology to see which port's traffic is utilizing the DHCP snooping process, in other words whether there is a 'direct' way to look at ports to see what the DHCP snooping packet counters are.

There might be a bug in IOS related to the IP DHCP snooping process.

We had this situation some days ago at our other site, where we also have the C4506 platform, and because the high CPU utilization lasted longer there, we were able to find the cause: a port was set to untrusted mode (from the DHCP snooping perspective), and a not very large amount of IP DHCP relay unicast traffic (sent from the Cisco router) that went through this port caused very high CPU utilization not only on this switch but also on other switches.

I am trying to find a good document that would tell me exactly what the DHCP snooping process does and cannot find any, but my guess is that if there is an untrusted port configured and there is DHCP traffic on it with option 82 (which is by default not allowed on untrusted ports), the DHCP snooping process should drop these packets and that's it. It looks like in our case this caused high CPU utilization on the switch, and what's more, the switch in question somehow forwarded (or whatever) some traffic to other switches and caused high CPU utilization on these as well.

Vlad
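
For triaging a capture from a suspect port, the sketch below is an added example (not part of the posts above and not Cisco code) that parses a DHCP payload and lists which untrusted-port drop conditions it would match. It assumes the conditions listed in Cisco's DHCP snooping configuration guides: server message types, a non-zero relay agent address, option 82, and a source MAC that differs from the client hardware address. The function names are hypothetical and the sample packet builder produces constructed data, not captured traffic.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # message types only servers send

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload into (giaddr, chaddr, options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    giaddr = ".".join(str(b) for b in payload[24:28])
    chaddr = payload[28:28 + min(payload[2], 16)]  # hlen bytes of client MAC
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        if payload[i] == 0:                        # 0 = Pad option
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return giaddr, chaddr, options

def untrusted_port_verdict(payload, src_mac=None):
    """Return the reasons this packet would be dropped on an untrusted port."""
    giaddr, chaddr, options = parse_dhcp(payload)
    reasons = []
    kind = options.get(53, b"")                    # option 53 = message type
    if kind and kind[0] in SERVER_TYPES:
        reasons.append("server message DHCP" + SERVER_TYPES[kind[0]])
    if giaddr != "0.0.0.0":
        reasons.append("relay agent address (giaddr) " + giaddr)
    if 82 in options:
        reasons.append("option 82 present")
    if src_mac is not None and src_mac != chaddr:
        reasons.append("source MAC differs from chaddr")
    return reasons

def build_sample(msg_type, giaddr=b"\x00" * 4, opt82=b""):
    """Build a constructed sample payload (hypothetical helper, not real traffic)."""
    mac = bytes.fromhex("020000000001")
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, giaddr, mac, b"", b"")
    opts = bytes([53, 1, msg_type])
    if opt82:
        opts += bytes([82, len(opt82)]) + opt82
    return hdr + MAGIC + opts + b"\xff"
```

An empty list means the packet matches none of these conditions; a relayed packet such as the one described in the second post would report both the giaddr and the option 82 reasons.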
