12-01-2020 10:49 AM
Hello,
I'm learning the basics of DHCP snooping. I've enabled it on the switch with the following:
(config)# ip dhcp snooping
(config)# ip dhcp snooping vlan 1
Now, on Fa0/2 I have a DHCP server connected, and on Fa0/1 I have a client. By default all ports are untrusted. As per the documentation, untrusted ports should allow DHCP DISCOVER & REQUEST messages. But (in Packet Tracer) when the client sends a DHCP DISCOVER message to the LAN, the switch drops it. If I configure the port as trusted, then it forwards it to the server port Fa0/2.
Any thoughts on why DHCP snooping is dropping DHCP discover/request messages on untrusted ports?
Thanks in advance!
12-01-2020 11:00 AM
It should work as expected; I am not a PT user.
Check the video below:
12-01-2020 01:08 PM
Hey Balaji,
The second video was helpful: https://www.youtube.com/watch?v=u3EmleryJ9A
At 5:00 he had the same thing: DHCP requests were dropped immediately if there is not one trusted port configured on the switch. Solved by configuring one trusted port. Thanks!
12-01-2020 11:00 AM
Hello,
Probably a quirk in Packet Tracer. Can you post the zipped project (.pkt) file?
12-01-2020 11:08 AM
Actually, I just tested this on a 3560 switch in Packet Tracer, it works as documented. Untrusted ports are able to send/receive discover/request messages, and IP addresses are assigned to hosts on untrusted ports.
12-01-2020 01:06 PM
Hey Georg,
Attaching a PT file. So on 2960 switches (or on all), if there are no trusted ports configured at all, then DHCP request packets are dropped immediately, but if there is even one trusted port, those DHCP requests are flooded to all operational switch ports, and replies are allowed only from trusted ports.
And in the attached PT project, I couldn't get DHCP snooping working on the 3560 switch.
12-01-2020 01:54 PM
Hello,
I just tested this on a real switch. With DHCP snooping enabled, and no trusted port, all packets are dropped. With one trusted port, the DHCP packets are flooded to the entire Vlan but only accepted on the trusted port. I guess that matches your findings.
The 3560 in Packet Tracer does not work as expected, I am pretty sure it is a quirk in Packet Tracer.
12-01-2020 11:26 AM
Disable option 82 and try again.
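The configuration the thread converges on, written out as an added example that is not from any post above: the original two commands, plus trust on the server-facing port and the option 82 change suggested in the last reply. Interface names and VLAN 1 are taken from the question; treat the rest as a sketch for a Catalyst-style IOS switch.

```cisco
! --- As posted: snooping enabled, every port left untrusted ---
! With no trusted port, the thread reports that client DISCOVER/REQUEST
! messages are dropped.
ip dhcp snooping
ip dhcp snooping vlan 1
!
! --- Corrected: trust only the port facing the legitimate DHCP server ---
interface FastEthernet0/2
 description DHCP server (trusted)
 ip dhcp snooping trust
!
! Client-facing ports stay untrusted (the default), so server-type
! messages arriving on them are dropped.
interface FastEthernet0/1
 description Client (untrusted, default)
 no ip dhcp snooping trust
!
! Optional, per the last reply: stop the switch inserting option 82
! into client DHCP messages, which some DHCP servers reject.
no ip dhcp snooping information option
!
! --- Verification (privileged EXEC) ---
! show ip dhcp snooping          : enabled VLANs, option 82 state, trusted ports
! show ip dhcp snooping binding  : MAC/IP/port leases learned on untrusted ports
```

Trust only uplinks and ports where a known DHCP server is attached; trusting a client port removes the protection for everything behind it.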