03-15-2018 04:07 PM - edited 03-08-2019 02:16 PM
Hi Guys,
We have enabled DHCP Snooping on around 30 2960X switch stacks and this morning i was presented with the following log....first one!
Mar 14 15:54:06.383 AEST: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: ecf4.bb52.2334
My question is, how do i determine what port this message was generated on? The log message itself gives no hint as to the source......weird!
CLV-HO-LIB-LG-SW-01#sh ip dhcp snooping statistics detail Packets Processed by DHCP Snooping = 1475876 Packets Dropped Because IDB not known = 0 Queue full = 0 Interface is in errdisabled = 0 Rate limit exceeded = 0 Received on untrusted ports = 7 Nonzero giaddr = 0 Source mac not equal to chaddr = 0 No binding entry = 0 Insertion of opt82 fail = 0 Unknown packet = 0 Interface Down = 0 Unknown output interface = 3779 Misdirected Packets = 27601 Packets with Invalid Size = 0 Packets with Invalid Option = 0 CLV-HO-LIB-LG-SW-01#
CLV-HO-LIB-LG-SW-01#sh ip dhcp snooping database detail Agent URL : flash:dhcp-snooping.db Write delay Timer : 300 seconds Abort Timer : 300 seconds Agent Running : No Delay Timer Expiry : Not Running Abort Timer Expiry : Not Running Last Succeded Time : 09:03:04 AEST Fri Mar 16 2018 Last Failed Time : None Last Failed Reason : No failure recorded. Total Attempts : 2785 Startup Failures : 0 Successful Transfers : 2785 Failed Transfers : 0 Successful Reads : 1 Failed Reads : 0 Successful Writes : 2784 Failed Writes : 0 Media Failures : 0 First successful access: Read Last ignored bindings counters : Binding Collisions : 67 Expired leases : 0 Invalid interfaces : 0 Unsupported vlans : 0 Parse failures : 0 Last Ignored Time : 21:50:35 AEST Tue Jan 9 2018 Total ignored bindings counters: Binding Collisions : 67 Expired leases : 0 Invalid interfaces : 0 Unsupported vlans : 0 Parse failures : 0 CLV-HO-LIB-LG-SW-01#
CLV-HO-LIB-LG-SW-01#sh ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- 48:4D:7E:D6:75:E1 10.10.120.87 1304362 dhcp-snooping 120 GigabitEthernet1/0/24 00:04:F2:FE:C9:BD 10.11.120.27 1281307 dhcp-snooping 620 GigabitEthernet2/0/1 84:7B:EB:E9:02:CD 10.10.120.26 697596 dhcp-snooping 120 GigabitEthernet1/0/22 00:04:F2:AA:AC:17 10.11.120.16 1355849 dhcp-snooping 620 GigabitEthernet2/0/28 84:7B:EB:55:E6:4E 10.10.120.71 1214026 dhcp-snooping 120 GigabitEthernet1/0/27 AC:A3:1E:C0:DE:A6 192.168.56.97 80776 dhcp-snooping 56 GigabitEthernet2/0/44 34:E6:D7:67:0C:F8 10.10.120.77 1130098 dhcp-snooping 120 GigabitEthernet2/0/22 00:04:F2:FE:14:BF 10.11.120.44 888258 dhcp-snooping 620 GigabitEthernet2/0/33 00:04:F2:AA:B1:ED 10.11.120.10 1188379 dhcp-snooping 620 GigabitEthernet3/0/34 00:04:F2:AB:7C:21 10.11.120.39 1060103 dhcp-snooping 620 GigabitEthernet3/0/15 14:B3:1F:2C:FD:86 10.10.120.81 1323304 dhcp-snooping 120 GigabitEthernet2/0/28 64:00:6A:50:19:42 10.10.120.86 19507 dhcp-snooping 120 GigabitEthernet3/0/17 48:4D:7E:D8:92:1C 10.10.120.18 1037599 dhcp-snooping 120 GigabitEthernet3/0/19 64:00:6A:86:7E:44 10.10.120.61 888259 dhcp-snooping 120 GigabitEthernet3/0/16 00:04:F2:AA:AD:17 10.11.120.72 1217698 dhcp-snooping 620 GigabitEthernet1/0/22 00:04:F2:74:25:C3 10.11.120.56 911630 dhcp-snooping 620 GigabitEthernet2/0/31 34:E6:D7:08:56:8E 10.10.120.34 695864 dhcp-snooping 120 GigabitEthernet3/0/34 A4:4C:C8:7A:54:05 10.10.120.43 1210706 dhcp-snooping 120 GigabitEthernet3/0/33 48:4D:7E:D6:D5:D5 10.10.120.49 1115110 dhcp-snooping 120 GigabitEthernet1/0/40 48:4D:7E:D8:A1:BF 10.10.120.99 171280 dhcp-snooping 120 GigabitEthernet2/0/9 B8:2A:72:FF:19:05 10.10.120.38 1056951 dhcp-snooping 120 GigabitEthernet2/0/22 68:27:37:17:1C:1B 10.10.120.68 1377226 dhcp-snooping 120 GigabitEthernet2/0/37 18:03:73:E7:B2:FF 10.10.120.20 1031147 dhcp-snooping 120 GigabitEthernet2/0/7 44:A8:42:FD:67:98 10.10.120.88 89386 dhcp-snooping 120 GigabitEthernet2/0/30 48:4D:7E:D8:2A:A3 10.10.120.32 1236341 dhcp-snooping 120 GigabitEthernet2/0/5 00:04:F2:AA:B3:41 10.11.120.36 1201920 dhcp-snooping 620 GigabitEthernet3/0/26 EC:F4:BB:52:23:34 10.10.120.84 1321778 dhcp-snooping 120 GigabitEthernet2/0/22 48:4D:7E:D8:8C:93 10.10.120.70 1052463 dhcp-snooping 120 GigabitEthernet3/0/4 18:66:DA:37:DA:07 10.10.120.23 1378715 dhcp-snooping 120 GigabitEthernet3/0/7 48:4D:7E:D6:6F:47 10.10.120.4 1031960 dhcp-snooping 120 GigabitEthernet1/0/31 00:04:F2:AA:AB:6D 10.11.120.8 1243209 dhcp-snooping 620 GigabitEthernet3/0/28 48:4D:7E:D6:71:02 10.10.120.19 1382139 dhcp-snooping 120 GigabitEthernet1/0/2 18:66:DA:37:E3:51 10.10.120.1 808291 dhcp-snooping 120 GigabitEthernet3/0/36 00:04:F2:AA:AB:43 10.11.120.21 905486 dhcp-snooping 620 GigabitEthernet2/0/5 AC:A3:1E:C0:E6:C0 192.168.56.6 54920 dhcp-snooping 56 GigabitEthernet1/0/46 00:04:F2:AA:AB:8A 10.11.120.24 1335447 dhcp-snooping 620 GigabitEthernet1/0/4 EC:F4:BB:6B:82:D2 10.10.120.90 1141336 dhcp-snooping 120 GigabitEthernet2/0/22 18:03:73:E7:6D:22 10.10.120.65 1379634 dhcp-snooping 120 GigabitEthernet2/0/38 AC:A3:1E:C0:E6:BE 192.168.56.8 70490 dhcp-snooping 56 GigabitEthernet3/0/44 68:27:37:17:1C:72 10.10.120.80 1377282 dhcp-snooping 120 GigabitEthernet2/0/39 00:04:F2:74:24:7C 10.11.120.46 1123002 dhcp-snooping 620 GigabitEthernet3/0/25 18:66:DA:37:D3:FA 10.10.120.45 1294640 dhcp-snooping 120 GigabitEthernet3/0/26 68:27:37:17:1C:1C 10.10.120.82 1378101 dhcp-snooping 120 GigabitEthernet2/0/41 48:4D:7E:D8:2A:96 10.10.120.56 1039156 dhcp-snooping 120 GigabitEthernet3/0/19 18:DB:F2:63:54:E4 10.10.120.102 17302 dhcp-snooping 120 GigabitEthernet2/0/18 00:04:F2:74:1A:A2 10.11.120.48 1155940 dhcp-snooping 620 GigabitEthernet3/0/16 48:4D:7E:D8:A1:D6 10.10.120.11 1322759 dhcp-snooping 120 GigabitEthernet2/0/21 00:04:F2:AA:B3:9C 10.11.120.15 802752 dhcp-snooping 620 GigabitEthernet1/0/5 18:66:DA:37:E7:D6 10.10.120.40 1382040 dhcp-snooping 120 GigabitEthernet3/0/29 00:04:F2:74:25:2B 10.11.120.32 1228584 dhcp-snooping 620 GigabitEthernet2/0/8 00:04:F2:AB:40:3D 10.11.120.14 1116936 dhcp-snooping 620 GigabitEthernet1/0/9 84:7B:EB:E9:78:47 10.10.120.7 1379160 dhcp-snooping 120 GigabitEthernet3/0/27 34:E6:D7:07:D4:A4 10.10.120.41 193648 dhcp-snooping 120 GigabitEthernet1/0/30 44:A8:42:FC:B5:BE 10.10.120.57 1379475 dhcp-snooping 120 GigabitEthernet2/0/2 00:04:F2:AA:AA:6B 10.11.120.19 1079082 dhcp-snooping 620 GigabitEthernet3/0/27 18:66:DA:37:E6:15 10.10.120.37 1377478 dhcp-snooping 120 GigabitEthernet1/0/3 64:00:6A:89:B6:54 10.10.120.69 1054124 dhcp-snooping 120 GigabitEthernet1/0/18 48:4D:7E:D8:4C:C8 10.10.120.97 1313108 dhcp-snooping 120 GigabitEthernet2/0/30 64:00:6A:8E:18:D6 10.10.120.46 1381110 dhcp-snooping 120 GigabitEthernet2/0/24 00:04:F2:AB:44:54 10.11.120.11 1039847 dhcp-snooping 620 GigabitEthernet1/0/29 18:66:DA:37:E6:E6 10.10.120.62 785783 dhcp-snooping 120 GigabitEthernet2/0/28 00:04:F2:AA:B3:59 10.11.120.31 1349449 dhcp-snooping 620 GigabitEthernet3/0/7 14:B3:1F:04:DB:5B 10.10.120.10 1210611 dhcp-snooping 120 GigabitEthernet3/0/33 18:66:DA:24:5F:FC 10.10.120.52 1041502 dhcp-snooping 120 GigabitEthernet2/0/30 18:66:DA:08:09:48 10.10.120.100 1382025 dhcp-snooping 120 GigabitEthernet2/0/30 FC:45:96:68:4F:2C 10.10.120.35 1376264 dhcp-snooping 120 GigabitEthernet1/0/35 18:66:DA:37:E5:AC 10.10.120.2 1375742 dhcp-snooping 120 GigabitEthernet2/0/14 00:04:F2:AB:7C:1D 10.11.120.30 1124755 dhcp-snooping 620 GigabitEthernet3/0/11 00:04:F2:AA:B1:7D 10.11.120.12 1299766 dhcp-snooping 620 GigabitEthernet3/0/29 18:66:DA:08:DE:A9 10.10.120.78 1058715 dhcp-snooping 120 GigabitEthernet3/0/19 D4:BE:D9:9E:2C:CA 10.10.120.200 1074512 dhcp-snooping 120 GigabitEthernet2/0/13 48:4D:7E:D8:9F:CB 10.10.120.83 865426 dhcp-snooping 120 GigabitEthernet3/0/47 EC:F4:BB:6B:82:D6 10.10.120.91 1227320 dhcp-snooping 120 GigabitEthernet2/0/22 34:E6:D7:07:CF:13 10.10.120.67 1121543 dhcp-snooping 120 GigabitEthernet3/0/22 F8:CA:B8:32:E9:72 10.10.120.47 1381960 dhcp-snooping 120 GigabitEthernet2/0/8 D0:67:E5:51:A1:A1 10.10.120.59 701471 dhcp-snooping 120 GigabitEthernet3/0/10 MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- 64:00:6A:67:CA:82 10.10.120.76 1379993 dhcp-snooping 120 GigabitEthernet1/0/9 8C:EC:4B:E6:9E:FE 10.10.120.98 1318018 dhcp-snooping 120 GigabitEthernet1/0/28 00:04:F2:AA:AA:E6 10.11.120.40 1035266 dhcp-snooping 620 GigabitEthernet1/0/17 84:7B:EB:E9:7E:BE 10.10.120.93 1211002 dhcp-snooping 120 GigabitEthernet1/0/4 98:90:96:DE:98:30 10.10.120.120 1375804 dhcp-snooping 120 GigabitEthernet1/0/29 D4:BE:D9:9E:54:5D 10.10.120.94 1046145 dhcp-snooping 120 GigabitEthernet3/0/9 00:26:73:9A:83:64 10.10.16.1 631246 dhcp-snooping 16 GigabitEthernet2/0/47 18:66:DA:15:A9:DE 10.10.120.55 1294954 dhcp-snooping 120 GigabitEthernet3/0/30 18:66:DA:14:DB:F5 10.10.120.89 1127234 dhcp-snooping 120 GigabitEthernet1/0/24 84:7B:EB:E9:06:40 10.10.120.50 699499 dhcp-snooping 120 GigabitEthernet1/0/26 00:04:F2:AB:42:1C 10.11.120.25 1335137 dhcp-snooping 620 GigabitEthernet2/0/18 00:04:F2:AA:AA:EC 10.11.120.13 808254 dhcp-snooping 620 GigabitEthernet1/0/40 D4:BE:D9:A5:A3:C0 10.10.120.96 1224571 dhcp-snooping 120 GigabitEthernet3/0/19 00:04:F2:AB:40:2E 10.11.120.6 838669 dhcp-snooping 620 GigabitEthernet2/0/7 18:66:DA:37:DE:0B 10.10.120.22 1377909 dhcp-snooping 120 GigabitEthernet1/0/17 78:2B:CB:B6:E3:DC 10.10.120.39 1311775 dhcp-snooping 120 GigabitEthernet2/0/27 84:7B:EB:E9:06:71 10.10.120.3 1213768 dhcp-snooping 120 GigabitEthernet3/0/11 18:66:DA:07:6B:3B 10.10.120.58 1074618 dhcp-snooping 120 GigabitEthernet2/0/1 00:04:F2:FE:5A:09 10.11.120.51 795495 dhcp-snooping 620 GigabitEthernet2/0/25 2C:23:3A:18:1F:80 192.168.111.129 54078 dhcp-snooping 304 GigabitEthernet1/0/44 48:4D:7E:D6:D2:3A 10.10.120.72 693904 dhcp-snooping 120 GigabitEthernet1/0/32 D4:BE:D9:9E:7F:82 10.10.120.42 889394 dhcp-snooping 120 GigabitEthernet3/0/31 00:04:F2:AB:40:20 10.11.120.29 837201 dhcp-snooping 620 GigabitEthernet3/0/23 48:4D:7E:D6:D3:9D 10.10.120.85 1120524 dhcp-snooping 120 GigabitEthernet2/0/20 D4:BE:D9:9E:55:3E 10.10.120.79 992654 dhcp-snooping 120 GigabitEthernet3/0/8 00:04:F2:AA:AA:13 10.11.120.38 1358751 dhcp-snooping 620 GigabitEthernet3/0/14 C8:08:E9:B7:DF:95 10.10.120.53 527822 dhcp-snooping 120 GigabitEthernet1/0/36 48:4D:7E:D6:6E:8C 10.10.120.5 1036773 dhcp-snooping 120 GigabitEthernet3/0/19 AC:A3:1E:C0:E7:3E 192.168.56.101 46102 dhcp-snooping 56 GigabitEthernet1/0/43 00:04:F2:64:E0:4C 10.11.120.42 862203 dhcp-snooping 620 GigabitEthernet2/0/24 9C:EB:E8:0B:16:83 10.10.120.73 1057823 dhcp-snooping 120 GigabitEthernet1/0/28 18:66:DA:14:BA:AB 10.10.120.66 1291521 dhcp-snooping 120 GigabitEthernet3/0/3 18:66:DA:37:D2:DB 10.10.120.64 1380828 dhcp-snooping 120 GigabitEthernet3/0/23 00:04:F2:AA:AB:F0 10.11.120.33 1197293 dhcp-snooping 620 GigabitEthernet1/0/35 00:04:F2:AA:AC:78 10.11.120.9 1224528 dhcp-snooping 620 GigabitEthernet3/0/36 48:4D:7E:D6:72:D4 10.10.120.63 1294328 dhcp-snooping 120 GigabitEthernet3/0/15 74:E6:E2:DD:CA:9B 10.10.120.92 1210565 dhcp-snooping 120 GigabitEthernet2/0/30 48:4D:7E:D8:8C:77 10.10.120.28 1074290 dhcp-snooping 120 GigabitEthernet2/0/10 00:04:F2:AB:7C:26 10.11.120.5 887717 dhcp-snooping 620 GigabitEthernet2/0/14 64:00:6A:8E:1C:FE 10.10.120.75 1380154 dhcp-snooping 120 GigabitEthernet3/0/21 00:04:F2:AD:C0:72 10.11.120.2 1161703 dhcp-snooping 620 GigabitEthernet1/0/3 00:04:F2:B2:94:BF 10.11.120.3 1044150 dhcp-snooping 620 GigabitEthernet2/0/3 00:04:F2:74:19:16 10.11.120.22 996886 dhcp-snooping 620 GigabitEthernet2/0/38 00:04:F2:74:20:F2 10.11.120.26 1191344 dhcp-snooping 620 GigabitEthernet1/0/27 18:66:DA:38:10:30 10.10.120.48 1379678 dhcp-snooping 120 GigabitEthernet1/0/5 34:E6:D7:07:CE:C5 10.10.120.60 450233 dhcp-snooping 120 GigabitEthernet3/0/25 00:04:F2:AA:B2:19 10.11.120.43 1291216 dhcp-snooping 620 GigabitEthernet3/0/10 00:04:F2:AA:B2:18 10.11.120.23 1064535 dhcp-snooping 620 GigabitEthernet3/0/3 48:4D:7E:D8:27:AD 10.10.120.44 1379622 dhcp-snooping 120 GigabitEthernet3/0/28 48:4D:7E:D6:75:F2 10.10.120.17 1206462 dhcp-snooping 120 GigabitEthernet3/0/14 00:04:F2:AB:40:D5 10.11.120.7 814536 dhcp-snooping 620 GigabitEthernet2/0/2 74:E6:E2:DD:D2:23 10.10.120.95 1296171 dhcp-snooping 120 GigabitEthernet2/0/30 00:04:F2:AB:43:55 10.11.120.34 1171782 dhcp-snooping 620 GigabitEthernet3/0/30 00:04:F2:AB:7E:4A 10.11.120.18 928789 dhcp-snooping 620 GigabitEthernet3/0/21 84:7B:EB:E9:78:BF 10.10.120.8 1073938 dhcp-snooping 120 GigabitEthernet2/0/31 00:04:F2:AA:AA:24 10.11.120.17 817949 dhcp-snooping 620 GigabitEthernet2/0/21 Total number of bindings: 132 CLV-HO-LIB-LG-SW-01#
Thanks in advance
03-15-2018 11:22 PM - edited 03-15-2018 11:39 PM
Hello,
if you can't find the reported source address in the mac address table, you could run a
"debug ip dhcp snooping ecf4.bb52.2334".
Output example:
DHCP_SNOOPING: process new DHCP packet,
message type: DHCPOFFER,
input interface: Gi0/1,
MAC da: 0017.0887.ad5b,
MAC sa: 0009.b613.8701,
IP da: 192.168.71.61,
IP sa: 192.168.71.252,
DHCP ciaddr: 0.0.0.0,
DHCP yiaddr: 192.168.71.61,
DHCP siaddr: 192.168.53,
DHCP giaddr: 192.168.71.252,
DHCP chaddr: 0017.0887.ad5b
However, in this case you have a binding entry for the mac address which showes you the interface as well:
CLV-HO-LIB-LG-SW-01#show ip dhcp snooping binding [ecf4.bb52.2334]
MacAddress IpAddress Lease(sec) Type VLAN Interface
EC:F4:BB:52:23:34 10.10.120.84 1321778 dhcp-snooping 120 GigabitEthernet2/0/22
I believe the DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT syslog message normally showes the interface as well, might be a quirk of that IOS or platform...
HTH
Rolf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide