Misdirected Packets_DHCP Snooping with switches in cascade
Could you please help, after this configuration, many users couldn't have connection
I have 2 switches in cascade, and I did the same config on both switches
-------- Config ---------------------- Access-Switch(config)# ip dhcp snooping vlan 2-3 no ip dhcp snooping information option ip dhcp snooping ip dhcp-server x.x.x.25
Access-Switch(config-if)# uplink interface to DHCP Server ip dhcp snooping trust
--------- Show ------------------------ Access-Switch#sh ver Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)
Access-Switch#sh ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 2-3 DHCP snooping is operational on following VLANs: 2-3 DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is disabled circuit-id default format: vlan-mod-port remote-id: 6899.cd57.3080 (MAC) Option 82 on untrusted port is not allowed Verification of hwaddr field is enabled Verification of giaddr field is enabled DHCP snooping trust/rate is configured on the following Interfaces:
Access-Switch#sh ip dhcp snooping st Packets Forwarded = 2185 Packets Dropped = 118 Packets Dropped From untrusted ports = 0
Access-Switch#sh ip dhcp snooping st de Packets Processed by DHCP Snooping = 2306 Packets Dropped Because IDB not known = 0 Queue full = 0 Interface is in errdisabled = 0 Rate limit exceeded = 0 Received on untrusted ports = 0 Nonzero giaddr = 0 Source mac not equal to chaddr = 8 No binding entry = 0 Insertion of opt82 fail = 0 Unknown packet = 0 Interface Down = 0 Unknown output interface = 8 Misdirected Packets = 51 Packets with Invalid Size = 0 Packets with Invalid Option = 0 Access-Switch#
misdirected packets are packets that should have been punt (ed) to the main CPU = process switched for example for the presence of IP options like router alert and so on.
They are dropped as a form of protection of the main cpu from possible DoS attacks.
In your case they are just a few and should not be causing the issues.
Be aware that if you have WIFI users and you have a WLC you need to trust the port the WLC too, because it changes an internal field in DHCP request the gi_address and this causes DHCP snooping to drop client DHCP requests coming via the WLC.
Hello everybody,I am newbies with setting cisco switch.I downloaded Catalyst 2960-X Switch Getting Started Guide but I can't access to Device Manager - Express Setup according to guide.If you follow the instructions and try to keep all LEDs (exc...
To participate in this event, please use the button to ask your questions
Ask questions from Monday, March 8 to Friday, March 19, 2021
All the knowledge of these four experts at your disposal!
Cisco Software-Defined Wide Area Network (SD-WAN) provid...
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture
(Live event - Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)-
This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&...
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience.
Learn more about how these w...
(view in My Videos)
Community Live- New Additions to the Catalyst 8000 Family
(Live event - Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)-
This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT...