Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1881
Views
0
Helpful
3
Replies

Catalyst 9300 - DHCP snooping and VXLAN

Go to solution
olivier.zimmermann
Level 1
Level 1

‎09-05-2019 01:16 AM

Hi all,

I'm currently testing the Catalyst 9300.
It's configured as a VXLAN leaf, here the base configuration of VXLAN/BPG EVPN:

l2vpn evpn
replication-type static
!
vlan configuration 84
member evpn-instance 84 vni 11084
!
interface GigabitEthernet1/0/1
description "End host"
switchport access vlan 84
spanning-tree portfast
!
interface TenGigabitEthernet1/1/1
description "To spine"
no switchport
ip unnumbered Loopback0
ip pim sparse-mode
ip router isis
ip lisp source-locator Loopback0
!
!
interface nve1
no ip address
source-interface Loopback0
host-reachability protocol bgp
member vni 11084 mcast-group 239.1.1.84
!
router bgp 65501
bgp router-id interface Loopback0
bgp log-neighbor-changes
bgp graceful-restart
neighbor 10.30.8.1 remote-as 65501
neighbor 10.30.8.1 update-source Loopback0
!
address-family ipv4
no neighbor 10.30.8.1 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 10.30.8.1 activate
neighbor 10.30.8.1 send-community both
maximum-paths 4
exit-address-family
!
ip pim rp-address 10.30.8.1
ip pim ssm default

 

This conf with VXLAN is working fine.

Now, I would like to enable DHCP snooping. I added these commands:
ip dhcp snooping vlan 84
ip dhcp snooping

 

But how to add the trusted interface for the snooping ?
I find nothing is the docs, in fact is DHCP snooping supported for VXLAN's VLAN ?

Thanks in advance for help.

Olivier

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to olivier.zimmermann

‎09-05-2019 05:47 AM

Sorry for that. It's the same for the Catalyst 9300:

 

DHCP snooping (Dynamic Host Configuration Protocol snooping) is not supported on VXLAN VLANs.

 

Go to the Guidelines and Limitations in the document attached:

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-9/configuration_guide/lyr2/b_169_lyr2_9300_cg/configuring_vxlan_bgp_evpn.html#id_79178

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Georg Pauwen
VIP
VIP

‎09-05-2019 02:45 AM

Hello,

 

from the attached document:

 

DHCP snooping, ACL, and QoS policies are not supported on VXLAN VLANs.

 

Scroll to the bottom of Table 2:

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_011.html

0 Helpful

Go to solution
olivier.zimmermann
Level 1
Level 1
In response to Georg Pauwen

‎09-05-2019 05:37 AM

Hi Georg,

 

Thanks for the answer, but it's for Nexus switches.

 

I'm wondering if it's the same for the Catalyst 9000 family ?

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to olivier.zimmermann

‎09-05-2019 05:47 AM

Sorry for that. It's the same for the Catalyst 9300:

 

DHCP snooping (Dynamic Host Configuration Protocol snooping) is not supported on VXLAN VLANs.

 

Go to the Guidelines and Limitations in the document attached:

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-9/configuration_guide/lyr2/b_169_lyr2_9300_cg/configuring_vxlan_bgp_evpn.html#id_79178

0 Helpful
Customers Also Viewed These Support Documents