01-09-2023 01:01 AM
Hi every one ,
i have an issue with my SWs ,
i have more than 50 SW and VLANs allowed on all SWs,
i already enable DHCP Snooping for VLANs and it works fine until i have problem that all devices connected to any VLAN that have DHCP Snooping enabled won't get IP address , Unless i remove DHCP Snooping .
the configuration is :
SW(config)#ip dhcp snooping
SW(config)#ip dhcp snooping vlan 4
SW(config)#no ip dhcp snooping information option
SW(config)#int X
SW(config-if)#ip dhcp snooping trust
01-09-2023 01:07 AM
>...ip dhcp snooping trust
Note : If a Layer 2 LAN port is connected to a DHCP server, configure the port as trusted by entering the
ip dhcp snooping trust interface configuration command as above
• However if a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the
no ip dhcp snooping trust interface configuration command
For the rest what are the switch models involved ?
M.
01-09-2023 01:27 AM
Thanks for replying,
What you mean by (if a Layer 2 LAN port is connected to a DHCP client)?
i have hierarchy design ,
DHCP Server connected to the SWs , and i make each port on each SW Facing to the server as tursted port
by entering this command
SW(config-if)#ip dhcp snooping trust
01-09-2023 02:03 AM
>What you mean by (if a Layer 2 LAN port is connected to a DHCP client)?
Meaning a simple host (endpoint connection)
>DHCP Server connected to the SWs , and i make each port on each SW Facing to the server as trusted port
That should be ok to do , you could start by verifying if the DHCP snooping feature is working on the local switch where the (to-be trusted) DHCP server is connected ,
M.
01-09-2023 01:40 AM
Vlan with ip helper not work with dhcp snooping,
This limitation of IOS.
01-09-2023 03:58 AM
yes , my configuration is like that .
under interface vlan x
i add command ip helper address of the server ,
but i think snooping work fine with ip helper address because i already did it ,but suddenly stop working .
01-09-2023 04:31 AM
the DHSP server that not direct connect to host i.e. using ip helper using two filed in DHCP discover to assign IP
first one is relay agent IP address
second is OP 82
NOW
second which is OP 82 is disable via no ip dhcp snooping inf option you enter.
so there is only one still which is relay agent IP,
relay agent IP is IP of interface that forward DHCP discover to DHCP server.
here you must check
1- do you config Pool in DHCP server with correct default-router (I prefer make it same as relay agent IP)
2-do you have multi Pool which by mistack overlapping ?
3- do you have route back from DHCP server to relay agent IP <<- this point you can check by ping <dhcp server> source <vlan of relay agent IP>
that point will clear to you what happened in your network
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide