Converting from IOS to NX-OS ip dhcp relay information trusted

Tore Nilsen · ‎12-02-2011

Hi,

I'm in a process of migrating a IOS swicth to a NX-OS 5596.

I try to find a equivalent IOS command "ip dhcp relay information trusted" for the NX-OS swicth.

We use the commad to transfer dhcp traffic from one vlan to another:

When I try the Nx-OS command below the dhcp traffic do not get through.

The IOS commands are:

! this is the subnet where the dchp server is located.

interface Vlan100

ip dhcp relay information trusted

ip address 10.100.100.254 255.255.255.0

no ip redirects

no ip proxy-arp

interface Vlan101

ip address 10.100.1.254 255.255.255.0

ip helper-address 10.100.100.1

no ip redirects

no ip proxy-arp

In NX-OS I try:

interface Vlan100

ip address 10.100.100.254/24

no ip redirects

no ip proxy-arp

no shutdown

exit

interface Vlan101

ip address 10.100.1.254/24

ip dhcp relay address 10.100.100.1

no ip redirects

no ip proxy-arp

no shutdown

exit

I hope that dhcp traffic where the dhcp clients and server are on different vlans are supported. After enabled snooping is see these messages: dhcp_snoop: dhcp_mcecm_is_mct_up : Error getting MCT state dhcp_snoop: Could not get trusted interface How can I make the interfaces trusted ? Thanks and regards, Tore

Richard Michael · ‎12-08-2011

Hello Tore,

We support relay option 82 (`ip dhcp relay information option). When it is enabled DHCP inserts option 82 sub options. We don't support any interface level commands like `ip dhcp relay information trusted' in DHCP relay. I dont think this is somthing in the N7K roadmap as well. I can take this as an enhancement request and update dev team about this.

Thanks,

Ricky Micky

*Rate useful posts

Tore Nilsen · ‎12-12-2011

So how can we relay the dhcp traffic from one vlan to another under the NX-OS?

The dhcp_snoop messages I get is:

dchp_mcecm_is_mct_up : error getting MCT state ....

..

Could not get trusted intf

Understand that the interfaces are untrusted by default in NX-OS. What commands should I use to make the interfaces trusted.

Thanks & Regards

Tore

Tore Nilsen · ‎12-19-2011

Hi,

I solved this issue by upgrading the NX-OS from version 5.0 to 5.1

Tore Nilsen

sims.ru · ‎11-14-2012

Hello,

I upgraded 5596UP (with L3 Module) to 5.2(1)N1(2a) and the dhcp_snooping while processing packets dhcp relayed stopped work properly (about the same sympthoms as described above):

dhcp_snoop: Could not get trusted intf

dhcp_snoop: DHCP reply not allowed on un-trusted intf 369099052

dhcp_snoop: DHCP validation errors

My configuration is the following:

feature dhcp

ip dhcp snooping

ip dhcp snooping information option

no ip dhcp snooping verify mac-address

service dhcp

ip dhcp relay

ip dhcp relay information option

ip dhcp snooping vlan 1-3967,4048-4093

interface vlan 10

description Users are here

ip address x.x.x.x/24

ip dhcp relay address y.y.y.x

interface vlan 2

description DHCP Server is here

ip address y.y.y.y/24

interface x/x

description DHCP Server is here

switchport access vlan 2

ip dhcp snooping trust

There is no problems while processing packets within the VLAN where DHCP Server resides. The problem is only for relayed packets.

While upgrade no configuration changes were performed (and before the upgrade all the dhcp_snooping operation was working properly).

Does anyone have any ideas?

Thanks.