Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
2
Replies

DHCP Snooping - 1 min delay

azim1
Level 1
Level 1

‎01-23-2019 03:50 AM - edited ‎03-08-2019 05:07 PM

Hi,

 

I have issue that Windows (networking) start working in 1 minut after log in.

 

!

interface GigabitEthernet0/30
  switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 ip arp inspection limit rate 300
 storm-control broadcast level 25.00
 storm-control action shutdown
 spanning-tree portfast edge
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 10

!

ip dhcp snooping vlan 10,20
ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option
ip dhcp snooping database tftp:x.x.x.x
ip dhcp snooping database write-delay 15
ip dhcp snooping database timeout 15
ip dhcp snooping

!

ip arp inspection vlan 10,20
ip arp inspection validate src-mac
!

 

Some logs:

Jan 23 11:15:33.936: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi0/30, vlan 3.([2047.47bf.91a5/10.250.5.140/0000.0000.0000/10.250.5.1/12:15:33 UTC Wed Jan 23 2019])
Jan 23 11:15:34.756: %LINK-3-UPDOWN: Interface GigabitEthernet0/30, changed state to up
Jan 23 11:15:34.936: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/30, vlan 3.([2047.47bf.91a5/10.250.5.140/0000.0000.0000/10.250.5.1/12:15:34 UTC Wed Jan 23 2019])

.

.

.

Jan 23 11:16:36.023: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/30, vlan 3.([2047.47bf.91a5/10.250.5.140/0000.0000.0000/10.250.5.1/12:16:35 UTC Wed Jan 23 2019])

 

And after one minute everything is working.

When ip / mac are in dhcp datebase, everything is okey, but when lease time expire 1 minute delay start showing.

 

this is natural, or can I decrease this delay somehow ?

Labels:
0 Helpful
2 Replies 2

MUHAMMAD TAYYAB MUNIR
Level 1
Level 1

‎01-23-2019 04:30 AM

Hi Azim,

 

Yeah, its normal time before processing the request!

 

BR,

Tayyab - www.tayyabmunir.com

 

*** Please rate if the response helpful***

*** Please rate all helpful responses and mark solutions***
0 Helpful

Mark Malone
VIP Alumni
VIP Alumni

‎01-23-2019 04:34 AM

There is a guideline of 30 seconds , its not much of a delay to fix ,  switch learns the mac, mac resolves to ip, dhcp snooping permits , take into account STP too even if only a few seconds all adds up from start to finish for access but as you seen if the fist section is already known its a lot quicker

Only timer im aware off specific to snooping is the below :

Specify (in seconds) how long to wait for the database transfer process to finish before stopping the process.

The default is 300 seconds. The range is 0 to 86400. Use 0 to define an infinite duration, which means to continue trying the transfer indefinitely.

ip dhcp snooping database timeout seconds x

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card