cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
177
Views
0
Helpful
5
Replies
Highlighted
Beginner

DHCP Snooping dropping DHCP Discovery massage

Hi, i'm using Packet Tracer and i configured DHCP snooping on the switch catalyst 2960.

switch configuration:

 ip dhcp snooping vlan 10,20

 no ip dhcp snooping information option

 ip dhcp snooping

 

i have two PC's connect to the switch PC1 on VLAN 10 and PC2 on VLAN 20

from the switch there is one trunk connection to a router on a stick (cisco 2911)

i configured the interface between the switch to the router as a trust port

 

sw(config-if)#ip dhcp snooping trust

 

the router is the DHCP server and the PC's both are DHCP Clients, when they ask for DHCP address the switch drop the DHCP Discovery packet

 

i see on the packet tracer simulation this reason:

"DHCP Snooping: The switch receives a DHCP DISCOVER message on an untrusted port. The device is not configured with a functional and trusted port. The device drops the packet."

 

why the switch drop DHCP discovery packet?

I know that the DHCP snooping doesn't drop "client to server" packet, maybe i'm mistake...

how can i fix it expect from configure the PC's ports a trust port (this is lose the concept of the DHCP snooping)

i also attach a file of the packet tracer.

thank for reference

 

5 REPLIES 5
Highlighted
Beginner

Re: DHCP Snooping dropping DHCP Discovery massage

Hi,

add this command to router globally or to the interface facing to switch:

 

globally: ip dhcp relay information trusted all

interface: ip dhcp relay information trusted

 

the result is the same.

Highlighted
Beginner

Re: DHCP Snooping dropping DHCP Discovery massage

i tried used those commands but still didnt worked.

Highlighted
VIP Mentor

Re: DHCP Snooping dropping DHCP Discovery massage

Hello
You need to have the vlan active before enabling snooping for that specific vlan.
Disable snooping for vlan 10,20, disable/renable hosts let them obtain ip addressing
Then activate snooping for those vlans, Any new new hosts joining after this for those vlans should obtain alocation with snooping enabled, do this for each new dhcp vlan you add to your network.

Switch
conf t
no ip dhcp snooping information option
ip dhcp snooping
no ip dhcp snooping vlan 10,20

int range x/x -x
description access-port to dhcp host
shut
no shut

ip dhcp snooping vlan 10,20

int range x/x -x
description access-port to dhcp host
shut
no shut




kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
Beginner

Re: DHCP Snooping dropping DHCP Discovery massage

Hi

i tried it, before i activated DHCP snooping i let the hosts on the network to get an IP address through DHCP and by that let the VLAN be activate by some DHCP traffic but after when i using DHCP snooping and then let the hosts to DHCP Discovery again, it still doesn't worked - the sw drop the frame because DHCP snooping.

After some different attempts i notice that when i set the trunk link between the sw to the router as an access link suddenly from some reason the sw doesnt drop the frame for DHCP Discovery, but of course it's not proper to set the link to be access mode.

 

Everyone's tags (1)
Highlighted
VIP Mentor

Re: DHCP Snooping dropping DHCP Discovery massage

Hello

Just noticed your using Packet Tracer not a live network -  PT is known for lots of anomalies - so its possible  aPT issue.

Please post the file PT anyway for review.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
CreatePlease to create content
Content for Community-Ad