12-02-2011 07:52 AM - edited 03-07-2019 03:42 AM
Hi,
I'm in a process of migrating a IOS swicth to a NX-OS 5596.
I try to find a equivalent IOS command "ip dhcp relay information trusted" for the NX-OS swicth.
We use the commad to transfer dhcp traffic from one vlan to another:
When I try the Nx-OS command below the dhcp traffic do not get through.
The IOS commands are:
! this is the subnet where the dchp server is located.
interface Vlan100
ip dhcp relay information trusted
ip address 10.100.100.254 255.255.255.0
no ip redirects
no ip proxy-arp
interface Vlan101
ip address 10.100.1.254 255.255.255.0
ip helper-address 10.100.100.1
no ip redirects
no ip proxy-arp
In NX-OS I try:
interface Vlan100
ip address 10.100.100.254/24
no ip redirects
no ip proxy-arp
no shutdown
exit
interface Vlan101
ip address 10.100.1.254/24
ip dhcp relay address 10.100.100.1
no ip redirects
no ip proxy-arp
no shutdown
exit
I hope that dhcp traffic where the dhcp clients and server are on different vlans are supported. After enabled snooping is see these messages: dhcp_snoop: dhcp_mcecm_is_mct_up : Error getting MCT state dhcp_snoop: Could not get trusted interface How can I make the interfaces trusted ? Thanks and regards, Tore
12-08-2011 05:19 PM
Hello Tore,
We support relay option 82 (`ip dhcp relay information option). When it is enabled DHCP inserts option 82 sub options. We don't support any interface level commands like `ip dhcp relay information trusted' in DHCP relay. I dont think this is somthing in the N7K roadmap as well. I can take this as an enhancement request and update dev team about this.
Thanks,
Ricky Micky
*Rate useful posts
12-12-2011 05:53 AM
So how can we relay the dhcp traffic from one vlan to another under the NX-OS?
The dhcp_snoop messages I get is:
dchp_mcecm_is_mct_up : error getting MCT state ....
..
Could not get trusted intf
Understand that the interfaces are untrusted by default in NX-OS. What commands should I use to make the interfaces trusted.
Thanks & Regards
Tore
12-19-2011 03:56 AM
Hi,
I solved this issue by upgrading the NX-OS from version 5.0 to 5.1
Tore Nilsen
11-14-2012 01:40 PM
Hello,
I upgraded 5596UP (with L3 Module) to 5.2(1)N1(2a) and the dhcp_snooping while processing packets dhcp relayed stopped work properly (about the same sympthoms as described above):
dhcp_snoop: Could not get trusted intf
dhcp_snoop: DHCP reply not allowed on un-trusted intf 369099052
dhcp_snoop: DHCP validation errors
My configuration is the following:
feature dhcp
ip dhcp snooping
ip dhcp snooping information option
no ip dhcp snooping verify mac-address
service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp snooping vlan 1-3967,4048-4093
interface vlan 10
description Users are here
ip address x.x.x.x/24
ip dhcp relay address y.y.y.x
interface vlan 2
description DHCP Server is here
ip address y.y.y.y/24
interface x/x
description DHCP Server is here
switchport access vlan 2
ip dhcp snooping trust
There is no problems while processing packets within the VLAN where DHCP Server resides. The problem is only for relayed packets.
While upgrade no configuration changes were performed (and before the upgrade all the dhcp_snooping operation was working properly).
Does anyone have any ideas?
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide