Beginner

ip dhcp snooping, was working before changing the relay agent.

So we have a customer who is migrating to Cisco from Avaya. The new Cisco core L3, 3650. New Access is 2960X. Migration scenario: connect the 3650 core to the Avaya Core (L3). All L3 SVI interfaces on the 3650 except management are shut down. Install new access switches, connect them to the Cisco core and move users to the new access. The customer had a rogue DHCP server on their network, discovered when we moved that particular port to its proper VLAN. So I thought, OK, let's configure DHCP snooping on the access switches. So for now the path from client to server is 2960X(po1)-3650(po60)-Avaya 5520-ISP router-MPLS-DHCP SERVER, the Avaya 5520 being the relay agent. All working great.

ip dhcp snooping vlan 1-250
ip dhcp snooping
!
interface Port-channel1
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode passive
 ip dhcp snooping trust
!
The core 3650 has defaults when it comes to snooping. In other words, snooping is disabled, no snooping config whatsoever. DHCP relay has the following on all the SVIs.

interface Vlan50
 description DataVLAN50
 ip address 172.30.50.1 255.255.255.0
 ip helper-address 10.240.8.20
 ip helper-address 10.240.96.24
end

When we shut down the Avaya Core and enabled the SVIs on the Cisco, clients were no longer able to get DHCP. We had to disable snooping on all the access switches. So there must be something that the 3650 is doing that the 5520 was not doing. Perhaps with the option 82 info that the access switches are adding to the requests. I have seen many posts regarding this and proper configuration or not. At this point I am thinking to set this up in a test environment on the customer's network with a spare switch and test SVI to troubleshoot this. Looking for ideas on a resolution.

5 REPLIES 5
VIP Advisor

Hello

Try disabling option 82 relay check

no ip dhcp relay information check

res
Paul



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Beginner

Did you add the

ip dhcp snooping trust

in the etherchannel interface?

Beginner

It's there in my original post.

Beginner

So, no ip dhcp relay information check did not help. Then I tried ip dhcp relay information trust-all in global config mode. That works with or without disabling the information check. I expect that same command on the interfaces facing the access switches would achieve the same result.

I have the debugs from the snooping switch. I should have collected something from the relay switch but did not. The statistics on the snooping switch still show drops but not sure why.

I am going to attach the debugs and show dhcp snooping statistics command.
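
An added example, not part of the thread: a small Python check that parses a DHCP request, extracts giaddr and the option 82 sub-options, and models the Cisco IOS relay-agent default of discarding a request that carries option 82 with giaddr 0.0.0.0 unless its source is trusted. That this is what the 3650 did here is an assumption (no relay-side debug was captured); `build_discover`, `parse`, `relay_verdict` and the sample bytes are constructed for illustration, and `trusted=True` stands in for `ip dhcp relay information trust-all`.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
# Constructed option 82 payload: sub-option 1 (circuit-id), sub-option 2 (remote-id)
SAMPLE_OPT82 = bytes.fromhex("0106000400320130" "0208000600112233aabb")

def build_discover(giaddr="0.0.0.0", option82=None):
    """Constructed DHCPDISCOVER; option82 is a raw option 82 payload or None."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0,
                      0x8000, bytes(4), bytes(4), bytes(4),
                      ipaddress.IPv4Address(giaddr).packed,
                      bytes.fromhex("001122334455"), b"", b"")
    opts = b"\x35\x01\x01"  # option 53 = DHCPDISCOVER
    if option82 is not None:
        opts += bytes([82, len(option82)]) + option82
    return hdr + MAGIC + opts + b"\xff"

def tlvs(buf, top_level):
    """Yield (code, value) pairs; pad (0) and end (255) only exist at top level."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == 255:
            return
        if top_level and code == 0:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        yield code, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse(pkt):
    """Return (giaddr, dict of option 82 sub-options, or None if absent)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opt82 = None
    for code, value in tlvs(pkt[240:], True):
        if code == 82:
            opt82 = dict(tlvs(value, False))
    return ipaddress.IPv4Address(pkt[24:28]), opt82

def relay_verdict(pkt, trusted=False):
    """Assumed relay default: option 82 with zero giaddr from an untrusted source is dropped."""
    giaddr, opt82 = parse(pkt)
    if opt82 is not None and int(giaddr) == 0 and not trusted:
        return "drop"
    return "relay"
```

A request from a snooping access switch (option 82 present, giaddr still zero) comes back as "drop" until the source is trusted; a request without option 82 is relayed either way.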

VIP Advisor

Hello Gary

So you trusted it instead, which is another way, and this worked, correct?

res

Paul


