DHCP Snooping Issue on Multiple Switches

PTP fellow admins. Need some advice on the attached set-up tested in PT.

Just to give a heads up, the design's goal is to implement security across the entire network by enabling DHCP snooping to address rogue DHCP server/s in a big enterprise composed of around 30-40 access switches for edge users and other connectivity requirements.

Setup: 
1. Core Switch (3560 for simulation) as DHCP with inter vlan
2. 1 Distribution and multiple Access Switches for wired users and wireless APs.
3. Access switch having the DHCP snooping configurations

Issue: Upon enabling DHCP snooping on AS1, a PC connected via VLAN 928 cannot acquire an address.

DHCP snooping is enabled as well on DISTRI1, and workstations in AS2-AS5 are working normally having dynamic set up. This is just a portion of the entire network where I'm planning to deploy the DHCP snooping configuration.

Is there a limitation for this set-up? Thank you very much in advance. 

balaji.bandi

At a high level, the model of network you described should work as expected with DHCP snooping settings.

Considering:

1. You have set up proper DHCP scopes and excluded IPs.

2. Correct Option 82 options.

Apart from the above, since we do not know what configuration you have implemented on the access switches, post the show run output so we can have a look at the working vs. not working switch configs.

Please refer to the Option 82 document from Cisco:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110010.html

Also refer to the DHCP Relay configuration:

https://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html

 

BB

Thank you very much for the inputs. Anyhow, it's just a simple, straightforward DHCP config, and I have attached the running config of the core, distri and access for reference. No relevant configurations added in sir.

Hello
Please disable option 82 on the access switch and test again:
no ip dhcp snooping information option

Also, you don't need DHCP snooping applied on the distribution, only the access layer. And you've only enabled snooping for VLAN 928, is that correct?


Kind Regards
Paul
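
An access-layer configuration that puts the suggestions in this thread together, as an added example that is not from any poster or from Cisco's documentation. Interface names and the rate-limit value are assumptions; VLAN 928 and the command that disables Option 82 insertion come from the thread.

```cisco
! Constructed example; interface names are assumptions, not from the thread.
! --- Access switch (AS1) ---
ip dhcp snooping
ip dhcp snooping vlan 928
! Paul's test: stop the switch inserting Option 82 into client requests
no ip dhcp snooping information option
!
! Uplink toward DISTRI1 and the core DHCP server (assumed Gi0/1): trusted,
! so server replies (OFFER/ACK) are accepted only from this port
interface GigabitEthernet0/1
 ip dhcp snooping trust
!
! Edge ports (assumed Fa0/1-24) stay untrusted by default;
! the rate limit (example value) caps DHCP packets per second per port
interface range FastEthernet0/1 - 24
 ip dhcp snooping limit rate 15
!
! --- Only if Option 82 insertion is kept on the access switch ---
! On an upstream switch that also runs snooping and receives these
! requests on an untrusted port:
ip dhcp snooping information option allow-untrusted
! On the IOS device acting as DHCP server or relay (the core), accept
! requests that carry Option 82 with a zero giaddr:
ip dhcp relay information trust-all
!
! --- Verify from exec mode on AS1 ---
! show ip dhcp snooping
! show ip dhcp snooping binding
```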