Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1380
Views
10
Helpful
6
Replies

DHCP Snooping Dropped Packets

FuadG
Level 1
Level 1

‎09-29-2022 02:14 AM

Hello everyone!

We have configured DHCP snooping on one of our switches. All works fine, clients are able to get IP addresses, I can see the bindings table. However, what bothers me, is that there are lots of dropped packets in statistics

Packets Forwarded = 10936
Packets Dropped = 5358
Packets Dropped From untrusted ports = 0

When I check debug output, this is what I get

Sep 28 13:35:30: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:30: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/2
Sep 28 13:35:30: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:30: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/2)
Sep 28 13:35:30: DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM, input interface: Gi0/2, MAC da: ffff.ffff.ffff, MAC sa: 80c1.6efa.bddb, IP da: 255.255.255.255, IP sa: 192.168.146.242, DHCP ciaddr: 192.168.146.242, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 80c1.6efa.bddb
Sep 28 13:35:30: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (146)
Sep 28 13:35:31: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:31: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/2
Sep 28 13:35:31: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:31: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/2)
Sep 28 13:35:31: DHCP_SNOOPING: process new DHCP packet, message type: BOOTPMSG, input interface: Gi0/2, MAC da: ffff.ffff.ffff, MAC sa: 00c0.b7ca.f785, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 00c0.b7ca.f785
Sep 28 13:35:31: DHCP_SNOOPING: bridge a BOOTP packet or an unknown msg type dhcp packet, op code = 1
Sep 28 13:35:31: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (99)
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/2
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/2
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/2)
Sep 28 13:35:33: DHCP_SNOOPING: process new DHCP packet, message type: DHCPINFORM, input interface: Gi0/2, MAC da: ffff.ffff.ffff, MAC sa: 80c1.6efa.bddb, IP da: 255.255.255.255, IP sa: 192.168.146.242, DHCP ciaddr: 192.168.146.242, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 80c1.6efa.bddb
Sep 28 13:35:33: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (146)
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/2
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/2)
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Clearing if_input for pak. Was Gi0/2
Sep 28 13:35:33: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/2 for pak. Was not set
Sep 28 13:35:33: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/2)
Sep 28 13:35:33: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi0/2, MAC da: ffff.ffff.ffff, MAC sa: 6c62.6d6f.551a, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 6c62.6d6f.551a
Sep 28 13:35:33: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (146)
Sep 28 13:35:33: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi0/2, MAC da: ffff.ffff.ffff, MAC sa: b40c.25e2.8010, IP da: 255.255.255.255, IP sa: 192.168.146.14, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 192.168.146.21, DHCP siaddr: 192.168.1.211, DHCP giaddr: 192.168.146.14, DHCP chaddr: 6c62.6d6f.551a
Sep 28 13:35:33: DHCP_SNOOPING: output port is same as input port (GigabitEthernet0/2), dropping packet

 

Interface Gi0/2 is facing our MS DHCP server (not directly connected, there are lots of other switches on the way)

I suspect those dropped packets are related to the output in bold

Can you please explain, what those bold messages mean?

Labels:
6 Replies 6

marce1000
Hall of Fame
Hall of Fame

‎09-29-2022 05:08 AM

 

           - FYIhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm45491

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

FuadG
Level 1
Level 1
In response to marce1000

‎09-29-2022 10:43 PM

Hello,

This bug is related to 3560/3850, ours is and old Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)

 

0 Helpful

MHM Cisco World
VIP
VIP

‎09-29-2022 07:03 AM

VLAN: (146) & VLAN: (99)
please can you confirm that these VLAN config with dhcp snooping ?

0 Helpful

FuadG
Level 1
Level 1
In response to MHM Cisco World

‎09-29-2022 10:44 PM

Hello,

Yes, it is configured for all VLANs on the switch

ip dhcp snooping vlan 81,99,142,146,162,167,200,234,252,836

MHM Cisco World
VIP
VIP
In response to FuadG

‎10-01-2022 06:20 AM

friend under analysis hope finish this week end 

0 Helpful

FuadG
Level 1
Level 1
In response to MHM Cisco World

‎10-28-2022 02:43 AM

Hello my friend

Any news? Below is ip dhcp snooping stats details. What does Unknown Output Interface and Misdirected Packets mean?

 

 

Packets Processed by DHCP Snooping = 171088
Packets Dropped Because
IDB not known = 0
Queue full = 0
Interface is in errdisabled = 0
Rate limit exceeded = 0
Received on untrusted ports = 1
Nonzero giaddr = 0
Source mac not equal to chaddr = 0
No binding entry = 0
Insertion of opt82 fail = 0
Unknown packet = 0
Interface Down = 0
Unknown output interface = 98488
Misdirected Packets = 13791
Packets with Invalid Size = 0
Packets with Invalid Option = 0

0 Helpful
Customers Also Viewed These Support Documents