cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1841
Views
0
Helpful
6
Replies

DHCP Snooping issue with CISCO 4500

xafarali19901
Level 1
Level 1

Hello,

 We are facing an issue while configuring DHCP snooping.

We are configuring DHCP snooping on "Access SW" C2960X Software  (C2960X-UNIVERSALK9-M), Version 15.0(2), we have multiple VLANs in our network. And for some VLAN we

have configure DHCP on "Dist. SW"Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3) and for remaining VLANs we have configured 

DHCP on freeBSD.

When we enable DHCP snooping everything working fine for those vlans which are getting DHCP ip from freeBSD, but for vlans which have DHCP on Dist. SW client are unable to get IP.

VLAN2:    DHCP on freeBSD // working fine

VLAN3:    DHCP on Dist. SW // not working

VLAN4:    DHCP on freeBSD //working fine

Access-SW#sh ip dhcp snooping 

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

2,3,4

DHCP snooping is operational on following VLANs:

2,3,4

DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled

   circuit-id default format: vlan-mod-port

   remote-id: xxx.xxxx.xxxx (MAC)

Option 82 on untrusted port is not allowed

Verification of hwaddr field is enabled

Verification of giaddr field is enabled

DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)

-----------------------    -------    ------------    ----------------   

GigabitEthernet1/0/24      yes        yes             unlimited

VALN3 clients are unable to get DHCP IP. Only able ot get IP when we disable IP DHCP snooping

Can anyone help me to figure it out what is the issue.

snooping is only enable on Access SW.

Regards,

2 Accepted Solutions

Accepted Solutions

Hello

so you have enabled dhcp snooping on a switch that is actually an active  dhcp server?

To be honest I have never come across this it defeats the objective of snooping as you dhcp server isnt residing on a actual physical interface

I need to test this myself but have you tried  trusting the svi of vlan 3 ?

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Zohaib Khan
Level 1
Level 1

Hi,

in Access SW

Put in  global config. : no ip dhcp snooping information option

---- by default switch adds option 82 in DHCP packet.

there is a complete discussion on following link:

https://learningnetwork.cisco.com/thread/63215

View solution in original post

6 Replies 6

Hello

Have you trusted the trunks between these switches

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks for the reply paul,

The freeBSD DHCP server and Catalyst 4500 L3 Switch both are connected with a CISCO 2960 switch on which DHCP snooping is not enabled. This switch is further connected with another CISCO 2960 switch which is at my access layer and client are connected with that switch. The trunk link between switches is a trusted interface at the client end switch where DHCP snooping is enabled as shown in the config earlier.   

DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)

-----------------------    -------    ------------    ----------------   

GigabitEthernet1/0/24      yes        yes             unlimited         ( Trunk link)

 DHCP snooping is enabled only at the client end switch.

I further attached a diagram of my topology please see the attachment.

Hello

so you have enabled dhcp snooping on a switch that is actually an active  dhcp server?

To be honest I have never come across this it defeats the objective of snooping as you dhcp server isnt residing on a actual physical interface

I need to test this myself but have you tried  trusting the svi of vlan 3 ?

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello ,

   DHCP snooping is not enabled on a CISCO 4500 MLS which is also acting as a DHCP server for management VLAN.

DHCP is only enabled on the access layer switch.

 

Zohaib Khan
Level 1
Level 1

Hi,

in Access SW

Put in  global config. : no ip dhcp snooping information option

---- by default switch adds option 82 in DHCP packet.

there is a complete discussion on following link:

https://learningnetwork.cisco.com/thread/63215

Thanks Zohaib Khan for the reply

This command works for me

In  global config. : no ip dhcp snooping information option

Review Cisco Networking for a $25 gift card