Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1233
Views
0
Helpful
10
Replies

DHCP snooping issue

GMahendra
Level 1
Level 1

‎03-14-2019 09:43 AM

Hi guys

I am facing issue when i configured  Ip dhcp snooping  comman in c2960x ,3750 & 3650...

 

Issue : users/clients do not receive Ip address automatically after configuring the  ipIdhcp snooping  command.

 

Do you have any idea about this?

 

Kind regards,

Mahendra Gharbude

Labels:
0 Helpful
10 Replies 10

balaji.bandi
Hall of Fame
Hall of Fame

‎03-14-2019 10:02 AM

We need to know what is the version of IOS you running, and show us your configuration.

 

do you have any debug logs, when they enable ip dhcp snoop.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

GMahendra
Level 1
Level 1
In response to balaji.bandi

‎03-14-2019 10:33 PM

Hi,

iOS version is 15.2(2)E7 ,model- 2960x

Configuration on switch- Ip dhcp snooping vlan 1- 999

 

Currently snooping is disabled on switch.

 

Attached screenshot.

Preview file
2343 KB
0 Helpful

GMahendra
Level 1
Level 1
In response to balaji.bandi

‎03-14-2019 10:33 PM

Hi,

iOS version is 15.2(2)E7 ,model- 2960x

Configuration on switch- Ip dhcp snooping vlan 1- 999

 

Currently snooping is disabled on switch.

 

Attached screenshot.

Preview file
2343 KB
Preview file
2343 KB
0 Helpful

luis_cordova
VIP Alumni
VIP Alumni

‎03-14-2019 10:05 AM

Hi @GMahendra ,

 

Could you show us the settings you enter?
This tool is implemented to avoid attacks by fake DHCP services.
In addition, you must indicate which interfaces will be reliable, that is, by which interface if addresses can be received through DHCP.

 

Regards

0 Helpful

paul driver
VIP
VIP

‎03-14-2019 10:45 AM - edited ‎03-14-2019 06:09 PM

Hello

Disable option 82 insertion on the access layer switches where snooping is applied also trust the switches uplinks then test again 

Sh ip dhcp snooping

No ip dhcp snooping information option 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

GMahendra
Level 1
Level 1
In response to paul driver

‎03-14-2019 09:28 PM

Thanks Paul,

 

If I remove option 82 ,what will be impact in network. How is option 82 works?

 

What is command to enable the option 82 again in network.

 

 

Kind regards,

Mahendra

0 Helpful

paul driver
VIP
VIP
In response to GMahendra

‎03-15-2019 03:15 AM

Hello

Its only applicable when dhcp snooping is enabled and as you have reported that some of your clients are not able to receive dhcp allocated after snooping is activated so the suggestion would be to try and disable option 82 on switches (3560's.3650's) that by default this feature on when snooping applied.

 

You can reapply it by simply  -  ip dhcp snooping information option

Please review this document - it will explain a lot clear then i ever can


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

GMahendra
Level 1
Level 1
In response to paul driver

‎03-15-2019 09:13 AM

Thanks Paul. I will try it and let you know.

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎03-14-2019 11:19 AM

@GMahendra ,

 

 

Adding something else, dont forget to define and insert the command under the trusted interface that can able transport dhcp packets.

 

ip dhcp snooping trust

 

check it for more information: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5715-configure-dhcp-trusted-interface-settings-on-a-switch-throug.html

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-15-2019 11:27 AM

The two important things to remember are 1) insure you trust the links (and transits) from your valid DHCP server(s) and 2) if you have a downstream L3 device forwarding DHCP requests without DHCP snooping also enabled, you need to configure it special (that's where the option 82 stuff comes into play).
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card