Re: EtherChannel and ip dhcp snooping does not work together

t.fiala · ‎12-20-2006

Aggregation switch C3750G is connected to distribution switch C2950 via EtherChannel (two 1G ports). If I configure on any of two switches "ip dhcp snooping" feature, DHCP packets are blocked. Without EtherChannel works snooping well (the same ip dhcp snooping configuration). Any ideas, how to configure EtherChannel to work with snooping? Thanks, Tomas

ssoberlik · ‎12-28-2006

You can try disabing Option 82 & configure trust port in the port-channel interface or upgrade the IOS of 3750 to 12.2.25 SEE.

t.fiala · ‎12-29-2006

Hallo, thanks for your concern. My IOS of 3750 is one of the latest:

C3750 Software (C3750-IPBASEK9-M), Version 12.2(25)SEE2

What I need is snooping working over EtherChannel in the same way as over single link. I suspect a bug or a workaround I don't know.

Tomas

Yongbing WU · ‎12-29-2006

This is verified as Bug CSCeg74243.

Workaround:

Disable etherchannel and use a single connection between the switches.

Hope this helps.

Regards,

Bill.

t.fiala · ‎12-29-2006

Thanks Bill.

I am looking forward to CSCeg74243 solution.

Happy New Year,

Tomas

mizoran78 · ‎08-24-2010

Almost 4 years later.

Is this solved? Cause I had the same problem. Network with 3750G stacks, interconnected by EtherChannel links (3 x 1Gbps links). If you try to enable DHCP snooping, the L2 loop behaviour happens.

Not sure where should I look for the solution.

BR

burleyman · ‎08-24-2010

Did you trust all the ports and the etherchannel? I am a little new to DHCP snooping but I would think you need to make sure on the the interfaces in the ehter channel and the etherchannel itself should have the following command configured.... ip dhcp snooping trust

Also all you uplinks should have that configured as well.

Mike

mizoran78 · ‎08-24-2010

Of course I did that.

I "trusted" all uplink ports. In this case uplink port are both 3 physical 1 Gig ports which are members of port-channel, and logical 3Gig port (portchannel). In the same time, uplink is a trunk. When I enabled the feature, I got the following messages

975927: Jul 30 14:54:14.267 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po3 and port Po1
975928: Jul 30 14:54:29.392 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po2 and port Po3
975930: Jul 30 14:54:44.542 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po2 and port Po3
975931: Jul 30 14:54:59.708 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po2 and port Po3
975933: Jul 30 14:55:14.850 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po3 and port Po2
975934: Jul 30 14:55:24.891 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po3 and port Po1
975935: Jul 30 14:55:26.150 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po1 and port Po3
975936: Jul 30 14:55:27.953 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po1 and port Po3
975937: Jul 30 14:55:30.034 CEST: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0bea.bd9e in vlan 2 is flapping between port Po1 and port Po3

The MAC address is my DHCP server sitting on its own switch. Since it is server aggregation switch it has no enabled DHCP snooping.

However, the network experienced a loop and felt down.

BR

burleyman · ‎08-24-2010

Can you post the config and a diagram?

Mike

mizoran78 · ‎08-24-2010

Burleyman, thanks for willingness to help!

I will try to do that later tonight or tomorrow. Configs are huge but the diagram is simple. Simple star topology with central switch stack in the center. All access switch-stacks are connected to the central one by 3Gig port-channel links. Servers are connected over 2960G switches, which are also connected to the central switch stack bye double 1Gig links (one forwarding, one blocked by rapid-pvst)

As I said, I will try to upload configs later.

BR

t.fiala · ‎08-24-2010

Hi mizoran78.

The issue was solved for two members EtherChannel. I did not check the solution on a "thicker" channel. We are waiting for your configuration. If it will be correct, I would recommend to ask an expert or set the TAC case.

Regards, Tomas

burleyman · ‎08-24-2010

What was it that you did to solve?

Mike

t.fiala · ‎08-25-2010

This was verified as Bug CSCeg74243.

mizoran78 · ‎08-27-2010

Hello,

I am sorry you waited for me a bit.

Here are sanitized configs of the central switch stack, 3 edge switch stacks and one server aggregation switche (where DHCP server resides).

As I have already said, the topology is simple star with sw-server-room in center. Details can be seen from descriptions on interfaces.

Now, because of described problem, DHCP snooping is globally disabled, but all other config statements regarding DHCP snooping are left there.

All inputs appreciated.

BR

mizoran

mizoran78 · ‎08-27-2010

I have just seen that I forgot to tell which software I have on switches

SW-Server-room 12.2(50)SE3 C3750G

SW-1floor 12.1(19)EA1c C3750G

SW-2floor 12.1(19)EA1 C3750G

SW-3floor 12.1(19)EA1 C3750G

SW-Servers-2 12.2(44)SE6 C2960G

Thanks for input!

mizoran