DHCP snooping with DHCP relay problem

Andy White · ‎01-30-2013

Hello,

I have set up a lab which is very similar to our live remote offices. I want to enable DHCP snooping, but when I do clients no longer get an ip address. The image below is just like my lab and our real networks and I have issued the "ip dhcp snooping trust" command on both trunk ports between the 2 3560s and the port on the 3560 connected to the router (switch0).

The debug shows this on switch0:

*Mar 1 01:07:16.950: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/1 for pak. Was Vl30

*Mar 1 01:07:16.950: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl30 for pak. Was Fa0/1

*Mar 1 01:07:16.950: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/1 for pak. Was Vl30

*Mar 1 01:07:16.950: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/1)

*Mar 1 01:07:16.950: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/1,

3560-01#una MAC da: ffff.ffff.ffff, MAC sa: 0024.e8f9.6fee, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0024.e8f9.6fee

*Mar 1 01:07:16.950: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (30)

*Mar 1 01:07:16.950: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan30.

*Mar 1 01:07:16.950: DHCP_SNOOPING: received new DHCP packet from input interface

3560-01#unall(Vlan10)

*Mar 1 01:07:16.958: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Vl10, MAC da: 0019.5578.e4b7, MAC sa: 0022.0c72.d841, IP da: 172.12.12.2, IP sa: 192.168.30.1, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 192.168.30.1, DHCP chaddr: 0024.e8f9.6fee

*Mar 1 01:07:16.958: DHCP_SNOOPING_SW: exclude source cpu port Vlan10 from output portset.

*Mar 1 01:07:16.958: DHCP_SNOOPING_SW: bridge packet output port set is null, packe

3560-01#unt is dropped.

*Mar 1 01:07:18.955: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/1 for pak. Was Vl30

*Mar 1 01:07:18.955: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl30 for pak. Was Fa0/1

*Mar 1 01:07:18.955: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/1 for pak. Was Vl30

*Mar 1 01:07:18.955: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/1)

*Mar 1 01:07:18.955: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input inte

3560-01#un all

Do I have to set anything on the router? Is this related to the option 82, which I'm struggling on understand in simple terms.

Thanks

Reza Sharifi · ‎01-30-2013

Hi,

Do you have the helper address configured on the SVI of switch0?

HTH

Andy White · ‎01-30-2013

Yes you are correct. Switch1 just has the trunk and both are using VTP, switch1 is almost acting as a L2 switch. If I take DHCP Snooping off everything works fine and the PCs get the IP addresses from the server.

Peter Paluch · ‎01-31-2013

Hi Andy,

Have you tried configuring ip dhcp relay information trusted on the same interface of the router where the ip helper-address command is configured? I suspect that the router dislikes seeing DHCP client messages with the an empty GIADDR field and Option-82 present. Using the aforementioned command deactivates this check and allows the router to process the DHCP message.

Best regards,

Peter