02-07-2020 07:48 AM
Hello,
We have a strange issue regarding DHCP snooping on C9200 with IOS-XE 16.12.02.
It seems that DHCP snooping is not working on ports with a connected Meraki AP MR16 or MR72.
Feb 7 10:21:21.868: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/0/30, MAC da: ffff.ffff.ffff, MAC sa: 3c6a.a78e.4969, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3c6a.a78e.4969, efp_id: 0, vlan_id: 673
Feb 7 10:21:21.868: DHCP_SNOOPING: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (673)
Feb 7 10:21:21.880: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 00ea.bd9e.c1ee, IP da: 255.255.255.255, IP sa: 172.22.173.3, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.22.173.90, DHCP siaddr: 172.24.86.200, DHCP giaddr: 172.22.173.3, DHCP chaddr: 3c6a.a78e.4969, efp_id: 0, vlan_id: 673
Feb 7 10:21:21.881: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
Feb 7 10:21:21.881: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 3c6a.a78e.4969 vlan_id 673
Feb 7 10:21:21.881: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
Feb 7 10:21:21.881: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 3c6a.a78e.4969 vlan_id 673
Feb 7 10:21:21.881: DHCP_SNOOPING: can't find output interface for dhcp reply. the message is dropped.
Feb 7 10:21:21.881: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 00ea.bd9e.c1ee, IP da: 255.255.255.255, IP sa: 172.22.173.3, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.22.173.90, DHCP siaddr: 172.24.86.200, DHCP giaddr: 172.22.173.3, DHCP chaddr: 3c6a.a78e.4969, efp_id: 0, vlan_id: 673
Feb 7 10:21:21.881: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
Feb 7 10:21:21.881: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 3c6a.a78e.4969 vlan_id 673
DE-HAU-HUH-S24#
Feb 7 10:21:21.881: DHCP_SNOOPING: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
Feb 7 10:21:21.881: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 3c6a.a78e.4969 vlan_id 673
Feb 7 10:21:21.881: DHCP_SNOOPING: can't find output interface for dhcp reply. the message is dropped.
DE-HAU-HUH-S24#
DHCP Snooping configuration is as follows:
DE-HAU-HUH-S24#sh ip dhcp snooping
Switch DHCP snooping is disabled
Switch DHCP gleaning is disabled
DHCP snooping is configured on following VLANs:
1-4094
DHCP snooping is operational on following VLANs:
1-4094
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is disabled
   circuit-id default format: vlan-mod-port
   remote-id: 10b3.d58f.8200 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is disabled
Verification of giaddr field is disabled
My understanding is that the switch should learn the "source MAC" from the DHCPDISCOVER.
It should then check the DHCPOFFER for "chaddr" and look up the MAC table.
It seems - for some very strange reason - the source MAC is not learned within the MAC Table.
Therefore the DHCPOFFER gets dropped, of course.
When you disable DHCP snooping the client receives an IP address and is fully functional!
Nevertheless - even when the client is fully functional! - there is no client MAC on the switch (show mac add table).
But you can see the client IP and MAC with "IP Device Tracking".
It seems that the ASIC is programmed correctly and that the IOS software information is not correct.
Therefore DHCP snooping is not working. I asked our partner to open a TAC case.
It seems we are hitting a bug ...
Does anyone have a similar issue or any feedback?
Best regards,
steffen
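
An added example, not part of the original post: a small Python parser that correlates `DHCP_SNOOPING` debug lines like those above, pairing each dropped server reply with the port where the client's request arrived and with whether the MAC-table lookup failed. The sample input is abridged from the post's debug output (one entry per line); the function and field names are illustrative.

```python
import re

# Abridged from the debug output in the post (fields not needed here are omitted).
SAMPLE = """\
Feb 7 10:21:21.868: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi1/0/30, MAC sa: 3c6a.a78e.4969, DHCP chaddr: 3c6a.a78e.4969, efp_id: 0, vlan_id: 673
Feb 7 10:21:21.880: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po1, MAC sa: 00ea.bd9e.c1ee, DHCP chaddr: 3c6a.a78e.4969, efp_id: 0, vlan_id: 673
Feb 7 10:21:21.881: DHCP_SNOOPING: lookup packet destination port failed to get mat entry for mac: 3c6a.a78e.4969 vlan_id 673
Feb 7 10:21:21.881: DHCP_SNOOPING: can't find output interface for dhcp reply. the message is dropped.
"""

PKT = re.compile(r"message type: (DHCP\w+), input interface: (\S+),.*?"
                 r"DHCP chaddr: ([0-9a-f.]+),.*?vlan_id: (\d+)")
MAT_FAIL = re.compile(r"failed to get mat entry for mac: ([0-9a-f.]+) vlan_id (\d+)")
DROPPED = "can't find output interface for dhcp reply"

def dropped_replies(log):
    """Return one record per server reply that the snooping process dropped."""
    seen_on = {}        # (chaddr, vlan) -> port the client request arrived on
    last_reply = None   # most recent server-to-client packet being processed
    mat_failed = set()  # (mac, vlan) pairs whose MAC-table lookup failed
    findings = []
    for line in log.splitlines():
        if (m := PKT.search(line)):
            mtype, port, chaddr, vlan = m.groups()
            key = (chaddr, int(vlan))
            if mtype in ("DHCPDISCOVER", "DHCPREQUEST"):
                seen_on[key] = port
                last_reply = None
            else:
                last_reply = (mtype, port, key)
        elif (m := MAT_FAIL.search(line)):
            mat_failed.add((m.group(1), int(m.group(2))))
        elif DROPPED in line and last_reply:
            mtype, port, key = last_reply
            findings.append({
                "reply": mtype, "from_port": port,
                "client": key[0], "vlan": key[1],
                "client_port": seen_on.get(key),  # None if no request was seen
                "mat_lookup_failed": key in mat_failed,
            })
            last_reply = None
    return findings

if __name__ == "__main__":
    for finding in dropped_replies(SAMPLE):
        print(finding)
```

A record with a known `client_port` and `mat_lookup_failed` set to true matches the symptom described in the post: the request was seen on an access port, yet the reply could not be forwarded because the client MAC had no MAC-table entry.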