IP DHCP Snooping Binding Empty

MohammadSalih · ‎06-18-2023

hi every one,

i have more than 25 Switch 3750,3560,2960 connected together ,

in the main Sw is 3560 L3 (the top of them) i have three vlans 10,20,30 and enable DHCP Server for each vlan,

i also enabled DHCP Snooping in all switches and DAI ,

the configuration of DHCP Snooping and DAI :

B1-SW-P1(config)#ip dhcp snooping

B1-SW-P1(config)#ip dhcp snooping vlan 10,20,30

B1-SW-P1(config)#no ip dhcp snooping information option

B1-SW-P1(config)#ip arp inspection vlan 10,20,30

B1-SW-P1(config)#ip arp inspection validate src-mac

all uplink to the main SW configured as Trust DHCP Snooping

B1-SW-P1(config-if)#ip dhcp snooping trust

all trunk ports configured as Trust DAI

B1-SW-P1(config-if)#ip arp inspection trust

the problem is some Switches work fine and some of them not work

when i check the snooping binding table it is empty and the devices attached to the SW not assigned ip address

and if i remove dhcp snooping the devices get ip's ,

i tried alot and i didn't figured what is the problem

Flavio Miranda · ‎06-18-2023

Hi

What I´d suggest first is to check for pattern like switch model and IOS version. This can easily be a bug.

Other then that, try to look the logs for those not working switches.

MohammadSalih · ‎06-18-2023

i think about IOS Version too,

but i didn't check, i will try different IOS and tell you the result.

thanks for replying.

MHM Cisco World · ‎06-18-2023

These non work SW connect to trunk to core SW, this trunk allow other vlan (vlan that not config with snooping)?

MohammadSalih · ‎06-18-2023

Hi,

yes, there are other vlans that i didn't enable dhcp snooping config , because i don't need Snooping fot it

MHM Cisco World · ‎06-18-2023

""all uplink to the main SW configured as Trust DHCP Snooping""

The uplink config with dhcp snooping but not config with arp inspection trust' why ?

M02@rt37 · ‎06-18-2023

@MohammadSalih

@MHM Cisco Worldis right:

By configuring both DHCP snooping trust and ARP inspection trust on the uplink interfaces, you allow DHCP traffic and ARP packets to traverse those ports without interference. This ensures that DHCP requests can reach the DHCP server and that ARP packets can be properly inspected and validated.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MohammadSalih · ‎06-19-2023

"" all trunk ports configured as Trust DAI

B1-SW-P1(config-if)#ip arp inspection trust ""

i already configure it

MohammadSalih · ‎06-18-2023

yes

M02@rt37 · ‎06-18-2023

Hello @MohammadSalih,

Ensure that there are no connectivity or spanning-tree issues on the switches that are not working. Verify that the spanning-tree topology is correct and there are no blocking or forwarding issues.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MohammadSalih · ‎06-19-2023

the spanning-tree is work fine, i have no problem with it .

MHM Cisco World · ‎06-19-2023

Few Q please can you answer it

1- SW platform and IOS ver.

2-are you config up link with port channel

3-are you config device tracking

4-are you config dhcp relay

AlwaysBeginner · ‎10-05-2023

Try to add the command "no ip dhcp snooping information option"

IP DHCP Snooping Binding Empty

Doc - Examinando DHCP Snooping en Redes Empresariales

7609开启DHCP snooping后不更新DHCP binding table

【原创】思科交换机DHCP snooping配置测试

Problema con DHCP Snooping

dhcp snooping+IP source guard 问题