Misdirected Packets_DHCP Snooping with switches in cascade
Could you please help? After this configuration, many users couldn't get a connection.
I have 2 switches in cascade, and I did the same config on both switches.
-------- Config ----------------------
Access-Switch(config)#
ip dhcp snooping vlan 2-3
no ip dhcp snooping information option
ip dhcp snooping
ip dhcp-server x.x.x.25

Access-Switch(config-if)# uplink interface to DHCP Server
ip dhcp snooping trust

--------- Show ------------------------
Access-Switch#sh ver
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)

Access-Switch#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
2-3
DHCP snooping is operational on following VLANs:
2-3
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is disabled
   circuit-id default format: vlan-mod-port
   remote-id: 6899.cd57.3080 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Access-Switch#sh ip dhcp snooping st
 Packets Forwarded = 2185
 Packets Dropped = 118
 Packets Dropped From untrusted ports = 0

Access-Switch#sh ip dhcp snooping st de
 Packets Processed by DHCP Snooping = 2306
 Packets Dropped Because
   IDB not known = 0
   Queue full = 0
   Interface is in errdisabled = 0
   Rate limit exceeded = 0
   Received on untrusted ports = 0
   Nonzero giaddr = 0
   Source mac not equal to chaddr = 8
   No binding entry = 0
   Insertion of opt82 fail = 0
   Unknown packet = 0
   Interface Down = 0
   Unknown output interface = 8
   Misdirected Packets = 51
   Packets with Invalid Size = 0
   Packets with Invalid Option = 0
Access-Switch#
Misdirected packets are packets that should have been punted to the main CPU (that is, process switched), for example because of the presence of IP options like router alert and so on.
They are dropped as a form of protection of the main CPU from possible DoS attacks.
In your case they are just a few and should not be causing the issues.
Be aware that if you have WiFi users and you have a WLC, you need to trust the port to the WLC too, because it changes an internal field in the DHCP request, the gi_address, and this causes DHCP snooping to drop client DHCP requests coming via the WLC.
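A small triage script for the counters in the question, as an added example that is not part of the original posts: it parses `show ip dhcp snooping statistics detail` output and lists the non-zero drop reasons, largest first. The sample is rebuilt from the posted values with one counter per line, and the hint text and function names are this example's own assumptions.

```python
import re

# Constructed sample: the counters posted in the question's
# "sh ip dhcp snooping st de" output, one counter per line.
SAMPLE = """\
 Packets Processed by DHCP Snooping = 2306
 Packets Dropped Because
   IDB not known = 0
   Queue full = 0
   Interface is in errdisabled = 0
   Rate limit exceeded = 0
   Received on untrusted ports = 0
   Nonzero giaddr = 0
   Source mac not equal to chaddr = 8
   No binding entry = 0
   Insertion of opt82 fail = 0
   Unknown packet = 0
   Interface Down = 0
   Unknown output interface = 8
   Misdirected Packets = 51
   Packets with Invalid Size = 0
   Packets with Invalid Option = 0
"""

# Triage hints are assumptions of this example, not Cisco's wording.
HINTS = {
    "Received on untrusted ports": "server reply on an untrusted port; check trust on uplink/cascade links",
    "Nonzero giaddr": "relayed request on an untrusted port (e.g. via a WLC); check trust there",
    "Source mac not equal to chaddr": "Ethernet source MAC differs from chaddr (hwaddr verification)",
}

LINE = re.compile(r"^[ \t]*([^=\n]+?)[ \t]*=[ \t]*(\d+)[ \t]*$", re.M)

def parse_counters(text):
    """Return {counter name: int} for every 'name = value' line."""
    return {name: int(value) for name, value in LINE.findall(text)}

def nonzero_drops(text):
    """Return [(name, count, hint)] for non-zero drop reasons, largest first."""
    counters = parse_counters(text)
    counters.pop("Packets Processed by DHCP Snooping", None)  # total, not a drop reason
    hits = [(n, c, HINTS.get(n, "no hint")) for n, c in counters.items() if c > 0]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for name, count, hint in nonzero_drops(SAMPLE):
        print(f"{count:6d}  {name}: {hint}")
```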