01-18-2007 07:52 AM - last edited on 03-25-2019 03:53 PM by ciscomoderator
Hello there
I'm trying to implement DHCP Snooping in a routed LAN.
Two Cisco 4506's are the core of the network. They are the routing devices with interface vlan's. Every access switch is linked to both core switches for redundancy.
I'm trying to protect vlan 20 (workstation vlan) against unwanted DHCP servers.
The dhcp server is on the server vlan (vlan 2). On int vlan 20 there is the command "ip helper-address x.x.x.x".
On every access switch:
- ip dhcp snooping
- ip dhcp snooping vlan 20
- uplinks are trusted ports (ip dhcp snooping trusted)
On the core:
- Uplinks to access switches are trusted
- ip dhcp snooping
- ip dhcp snooping vlan 20
- DHCP snooping trusted on the port with the dhcp server
DHCP is not working anymore.
What is wrong? Something with the helper config?
Thanks a lot
Remco
01-18-2007 09:36 AM
Have you turned off option 82?
"no ip dhcp snooping information option" is required to pass dhcp traffic when not using option 82.
George
01-18-2007 12:44 PM
Give this a try as well.
no ip dhcp snooping information option
ip dhcp snooping database bootflash:dhcpsnoop.txt
ip dhcp snooping database write-delay 30
I also think NTP needs to be synced as well.
01-18-2007 02:38 PM
Hi remco,
I just wanted to know..
1. What's the DHCP server you are using?
2. Does your server support Option-82?
Regards,
Amit.
01-18-2007 11:27 PM
Hello.
Thanks for the responses. I'm using a Windows 2003 DHCP Server.
Does this matter?
My DHCP Server is a virtual server on VMWare ESX 3.
Greetings
Remco
01-19-2007 05:29 AM
Hi Remco,
For DHCP Snooping to work, the DHCP server has to support Option-82.
As per my knowledge the DHCP Server on Windows Server 2003 doesn't support it.
If a server supports Option-82 it will also send out the Option-82 information in the ACK packet it sends to the DHCP client. You can run Ethereal on the DHCP server machine and check whether the DHCP Request packets and ACK packets are carrying the Option-82 information or not.
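The capture check suggested in the reply above, as an added example that is not part of the original thread: Python code that parses the UDP payload of one DHCP message and reports its message type, relay address (giaddr) and any option 82 sub-options. The function names and the sample bytes are constructed for illustration.

```python
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])          # marks start of DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
SUBOPTS = {1: "circuit-id", 2: "remote-id"}              # option 82 sub-options

def parse_tlvs(data, top_level):
    """Walk code/length/value triples and return {code: value}."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if top_level and code == 255:                    # End option
            break
        if top_level and code == 0:                      # Pad option, no length byte
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        out[code] = value
        i += 2 + length
    return out

def inspect_dhcp(payload):
    """Summarise the UDP payload of one DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts = parse_tlvs(payload[240:], top_level=True)
    relay = opts.get(82)
    if relay is not None:
        relay = {SUBOPTS.get(c, c): v.hex() for c, v in parse_tlvs(relay, False).items()}
    return {
        "type": MSG_TYPES.get((opts.get(53) or b"\x00")[0], "UNKNOWN"),
        "giaddr": ".".join(str(b) for b in payload[24:28]),  # relay agent address
        "option82": relay,
    }

# Constructed sample data (not a capture): circuit-id 00140501, remote-id 001122334455
SAMPLE_RELAY = bytes([1, 4, 0x00, 0x14, 0x05, 0x01, 2, 6]) + bytes.fromhex("001122334455")
def build_sample(msg_type, giaddr=bytes(4), relay_info=None):
    """Build a minimal constructed DHCP payload for the demo."""
    hdr = bytearray(236)                                 # fixed BOOTP header
    hdr[0:3] = bytes([1 if msg_type in (1, 3) else 2, 1, 6])  # op, htype, hlen
    hdr[24:28] = giaddr
    opts = bytes([53, 1, msg_type])
    if relay_info is not None:
        opts += bytes([82, len(relay_info)]) + relay_info
    return bytes(hdr) + MAGIC_COOKIE + opts + b"\xff"
```

Feed `inspect_dhcp` the DHCP payload bytes exported from a capture taken on the server; `option82` is `None` when the message carries no relay agent information.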
01-19-2007 11:39 AM
We have DHCP server on Windows 2003 server and DHCP snooping is working fine.
Here is the config
ip dhcp snooping
no ip dhcp snooping information option
ip dhcp snooping vlan 1,2,3
! (enter your vlan #)
Trust the port that the server is on
Example:
Interface Fastether3/43
ip dhcp snooping trust
Apply this command for the rest of untrusted ports
Example:
interface range Gi5/1 - 48
ip dhcp snooping limit rate 100
Use this command to show the DHCP snooping config
show ip dhcp snooping
Be sure to trust your uplink ports, and if they are port-channeled, those need to be trusted also. I'd do it on both switches.
Interface Gi1/1
ip dhcp snooping trust
!
Interface Gi1/2
ip dhcp snooping trust
!
interface Port-channel1
ip dhcp snooping trust
!
01-21-2007 11:38 PM
Thank you!
Next week I'm going to try the config!
Gr.
Remco
01-23-2007 12:55 PM
Hi Nopporn,
I have gone through your configuration. It seems you are disabling the Option 82 feature. I have gone through the Configuration guide for DHCP Snooping available at the following link http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm It states we have to enable that option. If you are disabling this option, is the binding table for DHCP snooping still being created?
I was facing a similar situation with DHCP snooping. In my case the clients were getting the IP address. However the binding table was not forming. The Windows DHCP Server was not sending back the Option-82 info to the client. We found there were other people facing a similar problem with the Windows Server. We tried the Turbo DHCP Server. We saw that this server was sending the Opt-82 information back. Likewise the binding table was now being formed on my switch.
Please let me know how it is working in your case without Opt-82?
And please rate if you find the info helpful.