Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2699
Views
10
Helpful
4
Replies

DHCP snooping blocks all dhcp traffic

Go to solution
harm.prins
Level 1
Level 1

‎01-15-2022 12:54 PM

Hello,

 

I'm struggling with DHCP snooping, and I can't find any helpful information on the internet. So i hope someone here can help.

I'm configuring DHCP snooping, and (as far as i know), I've configured it according to the manual. But now my DHCP won't work anymore (DHCP request failed on end devices). When I disable DHCP snooping, everything works again.

 

Context: This all takes place in Packet Traces, on a 2960 switch

 

My config looks like this (all fastethernet ports are end devices, g0/1 is connected to the DHCP server via some other switches):

 

Building configuration...

Current configuration : 2970 bytes
!
version 15.0
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Sw-Zw-Office-1
!
!
!
!
!
ip dhcp snooping vlan 10,20,50,100,150
ip dhcp snooping
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport access vlan 10
 ip dhcp snooping limit rate 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security mac-address sticky 0060.3E05.7998
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 10
 ip dhcp snooping limit rate 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security mac-address sticky 0002.16BD.2461
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport access vlan 20
 ip dhcp snooping limit rate 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security mac-address sticky 0090.215B.1C3D
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
 switchport access vlan 20
 ip dhcp snooping limit rate 10
 switchport mode access
 switchport voice vlan 150
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky 
 switchport port-security mac-address sticky 0001.C7C1.6B70
 switchport port-security mac-address sticky 0005.5E95.C343
 spanning-tree portfast
 spanning-tree bpduguard enable
 mls qos trust cos
!
interface FastEthernet0/5
 switchport access vlan 10
 ip dhcp snooping limit rate 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky 
 switchport port-security mac-address sticky 0060.5C17.69BC
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 shutdown
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
 shutdown
!
interface FastEthernet0/9
 shutdown
!
interface FastEthernet0/10
 shutdown
!
interface FastEthernet0/11
 shutdown
!
interface FastEthernet0/12
 shutdown
!
interface FastEthernet0/13
 shutdown
!
interface FastEthernet0/14
 shutdown
!
interface FastEthernet0/15
 shutdown
!
interface FastEthernet0/16
 shutdown
!
interface FastEthernet0/17
 shutdown
!
interface FastEthernet0/18
 shutdown
!
interface FastEthernet0/19
 shutdown
!
interface FastEthernet0/20
 shutdown
!
interface FastEthernet0/21
 shutdown
!
interface FastEthernet0/22
 shutdown
!
interface FastEthernet0/23
 shutdown
!
interface FastEthernet0/24
 shutdown
!
interface GigabitEthernet0/1
 switchport trunk native vlan 100
 switchport trunk allowed vlan 10,20,50,100,150
 ip dhcp snooping trust
 switchport mode trunk
!
interface GigabitEthernet0/2
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
!
!
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
!
!
end
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎01-15-2022 01:30 PM

Hello

Appy the following and test again:

no ip dhcp snooping information option 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

4 Replies 4

Go to solution
MHM Cisco World
VIP
VIP

‎01-15-2022 01:28 PM - edited ‎01-15-2022 01:35 PM

follow

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-15-2022 01:30 PM

Hello

Appy the following and test again:

no ip dhcp snooping information option 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
harm.prins
Level 1
Level 1
In response to paul driver

‎01-15-2022 01:41 PM

Yeah that works! But why?

 

Thanks!

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to harm.prins

‎01-15-2022 02:21 PM

Hello

It all to do with a feature called option 82 which is enabled by default when dhcp snooping is enabled  this feature sends this option 82 towards the dhcp server and if the server dosent support it - it will not respond with an offer to the client - So you can tell the switch with snooping enabled not send dhcp discovery messages with this option so the dhcp server that doesn’t support it will reply with an offer 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card