05-12-2023 04:50 AM
Hello! I have multiple wireless access points on different interfaces on my Cisco 2960X switch. When using DHCP snooping, if a client moves from one AP to another, the client device's MAC address is essentially changing ports.
Will it be a problem? Will the switch drop DHCP packets from the device if its MAC and IP addresses are already in the "dhcp binding table", bound to another port?
Thank you!
05-12-2023 07:01 AM
Hello,
Do you have a WLC, or are they standalone Access Points?
But either way, the client's MAC address will not be dropped, as the communication will be with the Access Point and not with the switch directly. The AP is not a bridge in this case, so the MAC address which will communicate with the switch is the Access Point's MAC address.
05-12-2023 07:41 AM
@Flavio Miranda wrote: Hello,
Do you have a WLC, or are they standalone Access Points?
It is Ubiquiti Unifi APs
But either way, the client's MAC address will not be dropped, as the communication will be with the Access Point and not with the switch directly. The AP is not a bridge in this case, so the MAC address which will communicate with the switch is the Access Point's MAC address.
But I see clients' MAC addresses on the APs' ports:
SW-BCM-SRV-01#show mac address-table | include 1/0/2
13 6022.321e.0e49 DYNAMIC Gi1/0/2
19 4cdd.3119.5368 DYNAMIC Gi1/0/2
19 f039.65ee.1b35 DYNAMIC Gi1/0/2
446 924e.8e99.0ab9 DYNAMIC Gi1/0/2
446 baca.928c.af2c DYNAMIC Gi1/0/2
The APs' ports are configured as trunks with several VLANs.
05-12-2023 07:46 AM
Well, in this case it is totally different from what I thought. The AP is actually a bridge in this case, and now I would say DHCP snooping could be a problem.
05-12-2023 08:29 AM
Can I do something about it? I don't want to set these AP interfaces as trusted, because some Wi-Fi client can start a DHCP service or something like that.
Maybe there is another solution to this problem?
05-12-2023 08:45 AM
You need to run some tests, but what I would try is to set the DHCP lease time higher than the IGMP aging time.
Actually, it is good practice to set the DHCP lease time to something like 4 hours. This way you prevent clients from asking for an IP all the time, and when one does, the MAC address will already be released from the IGMP MAC table.
But I am assuming you do have roaming between APs, because if the client disconnects from one AP and does the process again on the next AP, chances are it will request an IP again.