Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2235
Views
0
Helpful
1
Replies

DHCP Snooping Untrusted Port Message Question

dan.parr1
Level 1
Level 1

‎09-13-2016 09:25 AM - edited ‎03-08-2019 07:24 AM

Reviewing the log on our Catalyst 6509 I am seeing the following messages from time to time:

Sep 13 14:16:22.061: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port: GigabitEthernet1/7, message type: DHCPOFFER, MAC sa: 1234.5678.abcd, vlan: 136, server IP: 10.10.10.50

It appears that the MAC sa: 1234.5678.abcd indicates the MAC of the system that sent this offer packet  However this is not the MAC address of the system configured with the IP address of 10.10.10.50.  That IP is the correct IP address of our DHCP Server, which is not connected to GigabitEthernet1/7.  Is this IP address read from inside the offer packet?

I am just looking for clarification on the parts of info provided by this message, and how they are to be interpreted.

Thanks

Labels:
0 Helpful
1 Reply 1

salemmahara
Level 3
Level 3

‎09-13-2016 12:56 PM

Did you check the result of show mac address-table command to control learned address on specified interface? It might help you to compare message with CAM table. 

Pay attention to the message. DHCP OFFER!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card