cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

526
Views
4
Helpful
2
Replies
Highlighted
Beginner

problem deactivating/activating DHCP snooping

Hi,

I have the following problem with IP DHCP snooping. This feature is enabled for vlan 11, along with Dynamic ARP Inspection.

When I disable DHCP Snooping globally and enable it, after a while I get complaints from users that they can not connect to LAN. The problem is solved only when I asked them to reboot their machines.

any idea?

Everyone's tags (4)
2 REPLIES 2
Hall of Fame Expert

Re: problem deactivating/activating DHCP snooping

Hello Wassim,

>> The problem is solved only when I asked them to reboot their machines.

any idea?

disabling/enabling DHCP snooping resets the DHCP bindings database, when the user PC is rebooted it performs again a DHCP request and can get an IP address and access to the network.

Before that a PC tries to access the network with its current DHCP lease but it not considered an authorized host because it is not in the database

you should store the DHCP binding database on an external server for later retrivial

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swdhcp82.html#wp1220352

Hope to help

Giuseppe

Enthusiast

Re: problem deactivating/activating DHCP snooping

Hi Giuseppe,

I uploaded the config. I note that there are IP DHCP snooping and Dynamic ARP Inspection configured. Could it be because of DAI?

- I actually have DHCP snooping database agent configured. The agent file exists and is populated, and TFTP server is up. I thought that, if I disable/enable DHCP snooping, switch will restore its DHCP snooping database from the remote file.

However I keep receiving the following message:

" %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa1/0/28, vlan 11.([f4ce.4602.fa9b/10.100.0.113/0008.e3ff.fc28/10.100.0.126/14:47:18 UTC Wed May 11 2011])  "

- all hosts are DHCP-enabled.

- a "show ip dhcp snooping binding" displays an increasing number of bindings, but not all the bindings before disabling DHCP snooping.

Thanks

CreatePlease to create content
Content for Community-Ad