Re: DHCP Snooping Issue - Page 2

Faizan Shaikh · ‎03-01-2015

I'm trying to get DHCP snooping to work correctly. The network clients are able to receive addresses from the DHCP server (2811 Router) with no problem , but the DHCP snooping database bindings are not being entered in 2960 Cisco switch. I need them to be entered to be able to utilize DAI.

Below is the output from the router.

R1#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
10.11.16.51         0100.0ffe.e1ce.40       Mar 08 2015 01:13 PM    Automatic
10.11.16.52         0100.0ffe.e1cd.9c       Mar 08 2015 02:06 PM    Automatic
10.11.16.53         0178.acc0.9d60.7c       Mar 08 2015 02:06 PM    Automatic
10.11.16.82         01a0.481c.add0.5a       Mar 08 2015 02:05 PM    Automatic

Below are the outputs from the switch:

SW#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
Total number of bindings: 0

SW#sh ip dhcp snooping
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 04da.d2cd.1080 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Allow option Rate limit (pps)
----------------------- ------- ------------ ----------------

SW#sh ip dhcp snooping binding

MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
Total number of bindings: 0

Faizan Shaikh · ‎03-03-2015

Hi Antonin,

I will definitely try disabling option-82 stuff and releasing/renewing the ip.

However, as I had told you earlier that I manually disabled a port connected to a host on the switch and after enabling it, the client received the ip from DHCP. Same thing I did by restarting the host, but this time ip wasn't received from DHCP.

Second thing: I see entries in show ip dhcp binding in the router but there are no entries in show ip dhcp snooping binding. On switch side too, I check show ip dhcp snooping binding and the entries are zero, I need my DHCP snooping binding table to be populated for using DAI.

Apart from your suggestions, do you think I should enable DHCNP snooping on router as well?

This is one router to one switch connectivity and yes all the hosts are connected on this switch only.

amikat · ‎03-03-2015

Hi,

Thanks for the reply. I am sorry to say that I have not noticed this before:

Same thing I did by restarting the host, but this time ip wasn't received from DHCP.

If this is the case then there is a good reason there are no bindings. Option-82 or bugs are good candidates to be culprits. Please try as suggested and let me know.

Best regards,

Antonin

Faizan Shaikh · ‎04-15-2015

Hi Amikat,

Sorry for the long pause, lol. I have tried configuring "ip dhcp snooping information option allow-untrusted" and manually releasing the ip address with ipconfig/release but still the clients are not receiving ip if they're restarted.

Regards,

Faizan

aysar3000 · ‎06-05-2019

Dear Faizan Shaikh
on the switch just configure this command

no ip dhcp snooping information option

please rate if possible