DHCP snooping client doesn't get IP

bvj197222
Level 1

We are in the process of implementing DHCP snooping. Clients are unable to obtain an IP address. We have only configured DHCP snooping on the access switches. Our configuration is this:

#ip dhcp snooping vlan 1-4094

#ip dhcp snooping
#ip dhcp snooping information option allow-untrusted
#ip dhcp snooping database flash:dhcpb.txt

#ip dhcp snooping information trust

Trunk going to the core;

#ip dhcp snooping trust

Our DHCP server is a Win2012 server. When I turn off snooping, the clients get an IP. I also tried without option 82, disabling the 'ip dhcp snooping information...'.

There are no entries in #sh ip dhcp snooping binding.

SW-EF3-2#sh ip dhcp snooping       
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1-4094
DHCP snooping is operational on following VLANs:
1,102-103,201,300-303,310-312,315-316,320,330-332,340,352,360-362,433,500,502-504,550-551,555,666-667,670,672,701-703,800-801,803-805,808,816,824,832,840,856,864-865,872
Smartlog is configured on following VLANs:
none
Smartlog is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-port
   remote-id: 70ca.9b93.4680 (MAC)
Option 82 on untrusted port is allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled

The configuration on the access ports;

description 802.1x
 switchport access vlan 320
 switchport mode access
 ip arp inspection limit rate 15 burst interval 5
 authentication control-direction in
 authentication event fail action authorize vlan 666
 authentication event server dead action authorize vlan 320
 authentication event no-response action authorize vlan 666
 authentication event server alive action reinitialize
 authentication order mab dot1x
 authentication port-control auto
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout quiet-period 20
 dot1x timeout tx-period 10
 storm-control broadcast level 5.00
 storm-control multicast level 30.00
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
 ip verify source port-security
 ip dhcp snooping limit rate 100

Debug;

DHCP Snooping packet debugging is on
DHCP Snooping event debugging is on
DHCP server event debugging is on.

Debug output;

Aug  9 21:43:44.283: %AUTHMGR-5-START: Starting 'mab' for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:44.325: %MAB-5-FAIL: Authentication failed for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:44.325: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:44.325: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:44.325: %AUTHMGR-5-START: Starting 'dot1x' for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:44.577: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/5 for pak.  Was not set
Aug  9 21:43:46.766: %DOT1X-5-SUCCESS: Authentication successful for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:46.766: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:47.798: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:47.806: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/5 for pak.  Was not set
Aug  9 21:43:47.815: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak.  Was Gi1/0/5
Aug  9 21:43:47.815: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/5 for pak.  Was not set
Aug  9 21:43:47.815: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/0/5, MAC da: ffff.ffff.ffff, MAC sa: 18db.f22b.f6e0, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 18db.f22b.f6e0
Aug  9 21:43:52.017: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/5 for pak.  Was not set
Aug  9 21:43:52.017: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak.  Was Gi1/0/5
Aug  9 21:43:52.017: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi1/0/5 for pak.  Was not set
>> The 802.1x is successful, the port is assigned the right vlan but it never receives an ip-address

I know this is an old one, but did you ever get this fixed?

We ran into this same problem, but the "no ip dhcp snooping information option" seems to have been what the fix was.

Please give an update if you would.

Thanks,

Michael
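
Added example, not part of either post: a small Python triage script that correlates the 802.1X and DHCP snooping debug lines per client and lists clients that were authorized and sent a DHCPDISCOVER but for which no DHCPOFFER/DHCPACK was ever logged, which is the pattern in the debug output above. The reply line and the uplink name Gi1/0/49 are constructed for comparison and assume replies are logged in the same format as the DISCOVER.

```python
import re

# Three lines taken from the debug output in the original post.
POSTED_DEBUG = """\
Aug  9 21:43:46.766: %DOT1X-5-SUCCESS: Authentication successful for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:47.798: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (18db.f22b.f6e0) on Interface Gi1/0/5 AuditSessionID AC11328400016FB20078465A
Aug  9 21:43:47.815: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/0/5, MAC da: ffff.ffff.ffff, MAC sa: 18db.f22b.f6e0, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 18db.f22b.f6e0
"""

# Constructed line (not from the thread): a server reply arriving on a
# hypothetical uplink, with documentation-range addresses.
CONSTRUCTED_OFFER = (
    "Aug  9 21:43:47.900: DHCP_SNOOPING: process new DHCP packet, message type: "
    "DHCPOFFER, input interface: Gi1/0/49, MAC da: 18db.f22b.f6e0, MAC sa: "
    "0000.5e00.5301, IP da: 255.255.255.255, IP sa: 192.0.2.1, DHCP ciaddr: 0.0.0.0, "
    "DHCP yiaddr: 192.0.2.50, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, "
    "DHCP chaddr: 18db.f22b.f6e0\n"
)

AUTH_OK = re.compile(r"%AUTHMGR-5-SUCCESS: Authorization succeeded for client "
                     r"\((?P<mac>[0-9a-f.]+)\) on Interface (?P<port>\S+)")
DHCP_PKT = re.compile(r"DHCP_SNOOPING: process new DHCP packet, message type: "
                      r"(?P<type>DHCP[A-Z]+), input interface: (?P<port>[^,]+),"
                      r".*DHCP chaddr: (?P<mac>[0-9a-f.]+)")
REPLIES = {"DHCPOFFER", "DHCPACK"}

def triage(log):
    """Return {client MAC: {"port", "authorized", "dhcp"}} from debug text."""
    clients = {}
    for line in log.splitlines():
        for pattern in (AUTH_OK, DHCP_PKT):
            m = pattern.search(line)
            if not m:
                continue
            c = clients.setdefault(
                m["mac"], {"port": None, "authorized": False, "dhcp": set()})
            if pattern is AUTH_OK:
                c["authorized"], c["port"] = True, m["port"]
            else:
                c["dhcp"].add(m["type"])  # keyed on chaddr, so replies match too
    return clients

def stalled(log):
    """MACs that were authorized and sent a DISCOVER but saw no OFFER/ACK."""
    return sorted(mac for mac, c in triage(log).items()
                  if c["authorized"] and "DHCPDISCOVER" in c["dhcp"]
                  and not c["dhcp"] & REPLIES)

if __name__ == "__main__":
    print(stalled(POSTED_DEBUG))                      # client from the post
    print(stalled(POSTED_DEBUG + CONSTRUCTED_OFFER))  # reply seen, nothing stalled
```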