Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4856
Views
0
Helpful
5
Replies

dhcp snooping issues with phone

carl_townshend
Spotlight
Spotlight

‎07-22-2011 01:43 AM - edited ‎03-07-2019 01:21 AM

Hi all

I am having issues with my voip phone, it will not boot into the correct vlan, I get this on the port, all other ports are configured the same and phones the same also

DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDECLINE, MAC sa: 001a.e80a.0261

Labels:
0 Helpful
5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

‎07-22-2011 06:26 AM

Carl,

This is an informational message only. No action is required. 

Error Message    DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: [char] drop message 
with non-zero giaddr or option82 value  on untrusted port message type: [char] MAC 
sa: [mac-addr]

Explanation    The DHCP snooping feature discovered a DHCP packet with option values not allowed  on the untrusted port, indicating some host may be trying to act as a DHCP relay or server. The  packet will be dropped.

Recommended Action    This is an informational message only. No action is required.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/system/message/emsg.html

HTH

0 Helpful

Ven Taylor
Level 4
Level 4

‎07-22-2011 07:53 AM

Can you share your switch port configuration?

Is the switch port configured with a voice vlan?

In a normal switchport configuration for a phone, you'll have a switchport access vlan and a switchport voice vlan.

Ven

Ven Taylor
0 Helpful

lgrochal
Level 1
Level 1

‎09-26-2011 04:33 AM

Just came across the same issue with a Cat3750X and an Alcatel IPTouch phone. For whatever reason the phone didn't like the (perfectly good, for me) address provided by the DHCP server and kept sending back the

DHCPDECLINE messages with some additional options attached, which in turn made the switch drop the DECLINE packets. A stale-mate, of sorts.

I've managed to work around the issue by temporarily configuring the port as trusted ('ip dhcp snooping trust') and allowing the server and the phone to negotiate an addres more to the phones tastes. After that, everything works fine, with the trust removed ('no ip dhcp snooping trust') again.

Not much of a solution, but as this looks extremely rare (first time since I've implemented port-security and snooping in my infrastructure), I can live with it. And blame the phone.

Best regards,

--

Łukasz Grochal

0 Helpful

esomarriba
Level 5
Level 5

‎09-26-2011 08:57 AM

Hi Carl,

Try the following best practice:

interface FastEthernet 0/X

description connection to user+phone

switchport access vlan

switchport mode access

switchport  voice vlan

switchport port-security maximum 5

switchport port-security

switchport port-security aging time 5

switchport port-security aging static

switchport port-security aging type inactivity

switchport port-security violation protect

no snmp trap link-status

storm-control broadcast level 10.00

storm-control action shutdown

arp timeout 900

spanning-tree portfast

speed auto

duplex auto

auto qos voip cisco-phone

no shutdown

HTH,

/ES

0 Helpful

Steven Peree
Level 1
Level 1

‎08-23-2013 06:02 AM

In our case we had the same error messages.

Turned out that we had CDP disabled on all access ports. And because cisco phone's rely on this for their configuration...

0 Helpful
Customers Also Viewed These Support Documents