dhcp snooping issue

csaba.papp
Level 1

Hi,

I activated dhcp snooping on my test environment (C3550 Software C3550-I9Q3L2-M), Version 12.1(20)EA1a, RELEASE SOFTWARE (fc1)

The first IP request coming from a desktop was successful. It got a valid ip. The release worked also fine.

The new ip request and all the others failed.

Here is the debug log (I included my comments)

'Ipconfig /renew

001483: *Mar 10 01:14:38: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)

001484: *Mar 10 01:14:38: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST

001485: *Mar 10 01:14:38: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

001486: *Mar 10 01:14:38: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet0/1.

001487: *Mar 10 01:14:38: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/1)

001488: *Mar 10 01:14:38: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK

001489: *Mar 10 01:14:38: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet0/9.

'the desktop successfully got IP

'ipconfig /release

001490: *Mar 10 01:15:00: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/

001491: *Mar 10 01:15:00: DHCP_SNOOPING: process new DHCP packet, message type: DHCPRELEASE

001492: *Mar 10 01:15:00: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

001493: *Mar 10 01:15:00: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet0/1.

'successful ip release

'ipconfig /renew

001494: *Mar 10 01:15:05: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)

001495: *Mar 10 01:15:05: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER

001496: *Mar 10 01:15:05: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

001497: *Mar 10 01:15:05: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (100)

001498: *Mar 10 01:15:09: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)

001499: *Mar 10 01:15:09: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER

001500: *Mar 10 01:15:09: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

001501: *Mar 10 01:15:09: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN

Thanks for help.

Csaba

6 Replies

skarundi
Level 4

the switch is running really old code. I'd suggest upgrading to at least 12.2(25)SE.

May be a bug with dhcp snooping.

Karundi thanks for your message.

I upgraded the IOS to 12.2(25)SEB4, but no progress. The issue persists.

Here is the log

00:08:13: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)

00:08:13: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/2, MAC da: ffff.ffff.ffff, Msa: 0015.c54f.73f5, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, Dgiaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5

00:08:13: DHCP_SNOOPING: add relay information option.

00:08:13: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

00:08:13: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80

00:08:13: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (30)

00:08:13: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/1.

00:08:13: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.

00:08:29: DHCPSN: DHCP packet being sent to PI snooping process

00:08:29: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)

.......................................................

Switch#sh ip dhcp snooping

Switch DHCP snooping is enabled

DHCP snooping is configured on following VLANs:

30

Insertion of option 82 is enabled

Option 82 on untrusted port is not allowed

Verification of hwaddr field is enabled

Interface Trusted Rate limit (pps)

------------------------ ------- ----------------

FastEthernet0/1 yes unlimited

FastEthernet0/3 yes unlimited

the message "packet is flooded to ingress vlan" means that the dhcp discover frame is forwarded out fastethernet 0/1 and fa0/3.

Can you confirm that your dhcp server or dhcp relay agent which should be connected to either fa0/1 or fa0/3 got the frame ?

igor_kiselev
Level 1

Can you first try disabling Option 82 insertion

(global mode)

no ip dhcp snooping information option

see if it works now ...

Unless your DHCP server understands the Option 82 stuff you need to disable it. Windows 2000/2003 DHCP Server doesn't work with option 82 enabled.

HTH

Andy

Hi,

I disabled the option 82 and it solved the problem. My dhcp server is Windows 2000.

I tested a Windows 2008 dhcp server and it seems that it supports this option.

Here are the logs.

'ipconfig /release

02:17:56: DHCPSN: DHCP packet being sent to PI snooping process

02:17:56: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)

02:17:56: DHCP_SNOOPING: process new DHCP packet, message type: DHCPRELEASE, input interface: Fa0/2, MAC da: 0012.3f4d.f3d3, MAC sa: 0015.c54f.73f5, IP da: 10.18.16.2, IP sa: 10.18.16.90, DHCP ciaddr: 10.18.16.90, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5

02:17:56: DHCP_SNOOPING: add relay information option.

02:17:56: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

02:17:56: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80

02:17:56: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.

'ipconfig /renew

02:18:43: DHCPSN: DHCP packet being sent to PI snooping process

02:18:43: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/2)

02:18:43: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/2, MAC da: ffff.ffff.ffff, MAC sa: 0015.c54f.73f5, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5

02:18:43: DHCP_SNOOPING: add relay information option.

02:18:43: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format

02:18:43: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:

0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80

02:18:43: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (30)

02:18:43: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.

02:18:44: DHCPSN: DHCP packet being sent to PI snooping process

02:18:44: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/3)

02:18:44: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Fa0/3, MAC da: ffff.ffff.ffff, MAC sa: 0012.3f4d.f3d3, IP da: 255.255.255.255, IP sa: 10.18.16.2, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.18.16.90, DHCP siaddr: 10.18.16.2, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0015.c54f.73f5

02:18:44: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet0/2.

............

Thank you to all who replied to my post.
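
Added example, not part of any post in this thread: a decoder for the 20-byte "binary dump of relay info option" shown in the debug output, so you can see exactly what the switch appends to each client packet before the DHCP server receives it. It assumes the "vlan-mod-port" circuit ID is a type/length pair followed by a 2-byte VLAN, 1-byte module and 1-byte port, and that the remote ID is a type/length pair followed by a 6-byte MAC; the function names are made up for this example.

```python
import struct

# Relay-info dump copied from the debug output in this thread.
DUMP = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1E 0x0 0x1 "
        "0x2 0x8 0x0 0x6 0x0 0x11 0xBB 0x6C 0x22 0x80")

def parse_dump(text):
    """Turn IOS-style '0x1 0x6 ...' tokens into bytes."""
    return bytes(int(tok, 16) for tok in text.split())

def split_tlvs(buf):
    """Yield (code, value) from a run of 1-byte-code / 1-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header at offset %d" % i)
        code, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns the option" % code)
        yield code, value
        i += 2 + length

def decode_option82(raw):
    """Decode DHCP option 82 (RFC 3046) using the layout assumed above."""
    if len(raw) < 2 or raw[0] != 82:
        raise ValueError("not a relay agent information option")
    if raw[1] != len(raw) - 2:
        raise ValueError("length byte does not match payload")
    out = {}
    for code, value in split_tlvs(raw[2:]):
        # Sub-option 1 = Agent Circuit ID, sub-option 2 = Agent Remote ID.
        if code == 1 and len(value) == 6 and value[:2] == b"\x00\x04":
            vlan, module, port = struct.unpack("!HBB", value[2:])
            out["circuit_id"] = {"vlan": vlan, "module": module, "port": port}
        elif code == 2 and len(value) == 8 and value[:2] == b"\x00\x06":
            mac = value[2:].hex()
            out["remote_id"] = ".".join(mac[j:j + 4] for j in range(0, 12, 4))
        else:
            out["suboption_%d" % code] = value.hex()  # unknown layout: keep raw
    return out

if __name__ == "__main__":
    print(decode_option82(parse_dump(DUMP)))
```

The decoded VLAN is 30, matching the VLAN in the `sh ip dhcp snooping` output; how the port number maps to an interface name is platform-specific and is not asserted here.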
