
Having trouble with DHCP Snooping beside Relay Agent(ip helper-address)

DarkMist
Level 1

I was wondering if my scenario problem is due to a GNS3 bug (version 2.2.5) or I am missing something in my configs... If I want to ask briefly: can I have DHCP snooping enabled on an L3 switch which is also the DHCP relay agent (I know it is not suitable to enable DHCP snooping on the distribution or core layer, but I am trying to test some stuff in my lab)? Because when I enable the snooping feature the MLS won't forward DHCP packets to the legitimate DHCP server, and by disabling it (only on the MLS, leaving it enabled on the 2 access layer switches) everything works fine!!
So here is my scenario in detail:
Capture.PNG

So my MLS is the VTP server containing VLANs 10,100 and the uplinks are 802.1Q trunks... The MLS is also doing the inter-VLAN routing with 2 SVIs (interface vlan 10 & interface vlan 100) and there is a default route for the DHCP server to the interface vlan 100 on the MLS... I have created a suitable DHCP pool for VLAN 10 clients on the DHCP server and finally I defined a helper-address for interface vlan 10 pointing to the DHCP server IP address... At this moment everything works fine and the client can receive an IP address (and other stuff like default-router, DNS, etc...) from the DHCP server, which makes sense!!

I did not enable the snooping feature yet... so in order to do this:

ip dhcp snooping

ip dhcp snooping vlan 10,100

I entered these 2 commands on each of the access layer switches and the MLS... Now, as you know, it's time to make interfaces trusted according to the scenario:

ALS1 --->interface gig 0/1 :  ip dhcp snooping trust

ALS 2 --->interface gig 0/0 : ip dhcp snooping trust

MLS   --->interface gig0/0 :  ip dhcp snooping trust

BUT we are not done yet!!! Now we should handle Option 82:

I tried 2 different ways, none of them works:
1- disabling option 82 on every switch (including MLS) by using:
              no ip dhcp snooping information option

2- MLS -->  ip dhcp snooping information option allow-untrusted    and also

   ALS1-->  ip dhcp snooping information option allow-untrusted
None of these worked! So I decided to make all my interfaces trusted for DHCP snooping except the one which is connected to the DHCP client, and unfortunately it didn't work either.

I cannot figure out why it is not working... The thing that I understood by capturing traffic is that by enabling DHCP snooping on the MLS it will not unicast the packets to the DHCP server using ip-helper (and if I enable DHCP snooping on ALS1 and ALS2 and disable it on the MLS everything works fine, as I mentioned earlier).

2 Replies

acampbell
VIP Alumni
Hi,
Have you enabled DHCP snooping globally on all 3 switches for your VLANs?
!
ip dhcp snooping vlan 10 100
ip dhcp snooping
!
Then set up trusted interfaces.
Regards, Alex. Please rate useful posts.

Yes, at first I enabled DHCP snooping globally and then enabled it for my VLANs on every single switch including my MLS, and as the next step I made the appropriate interfaces trusted... But that did not work either.
Are there any conflicts in the logic of DHCP snooping with the DHCP relay agent? I guess not, but I am still wondering why the scenario isn't working.
I found a very similar scenario at the link below and I did my implementation step by step as mentioned there... still not working.
So I am guessing this is due to GNS3:

https://www.astorinonetworks.com/2011/06/28/going-deep-with-dhcp-snooping/

Anyway, thanks for your reply.