Problem DHCP SNOOPING - ICMP Packets

DiamanteDesk (Level 1)

We have a problem with 'ip dhcp snooping'. We have a port on the switch that is connected to an access control device, but it doesn't work when we set the port with 'ip dhcp snooping limit rate 10'. We sniffed this port by mirroring it to a notebook running Wireshark in promiscuous mode, and we only saw ICMP packets. For this device to work we have to put the command 'ip dhcp snooping trust' on the port. Can someone help us?


marce1000 (VIP)

> ...for this device work we should put the command 'ip dhcp snooping trust',

- I don't understand; the command ip dhcp snooping trust is set on interfaces leading to a valid DHCP server (network path).
Have a look at this short tutorial: https://medium.com/@idn.naufal.hasan/cisco-routing-dhcp-snooping-tutorial-d57a20e0fa36

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
   When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Hi @marce1000,

On this port we have an access control device, and it doesn't send DHCP packets. We captured by mirroring on the switch and only saw ICMP packets. Port g0/1 only works if we put this command: 'ip dhcp snooping trust'. The show output and configuration follow:

SW_CTJL_38#sh ip dhcp snooping
Switch DHCP snooping is enabled
Switch DHCP gleaning is disabled
DHCP snooping is configured on following VLANs:
1,6,10,52,54,60,110,120,130,1000
DHCP snooping is operational on following VLANs:
1,6,10,52,54,60,110,120,130,1000
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 84eb.ef60.2480 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface Trusted Allow option Rate limit (pps)
----------------------- ------- ------------ ----------------
GigabitEthernet0/1 no no 10
Custom circuit-ids:
GigabitEthernet0/2 yes yes 10
Custom circuit-ids:
GigabitEthernet0/3 no no 10
Custom circuit-ids:
GigabitEthernet0/4 no no 10
Custom circuit-ids:
GigabitEthernet0/5 no no 10
Custom circuit-ids:
GigabitEthernet0/6 no no 10
Custom circuit-ids:
GigabitEthernet0/7 no no 10
Custom circuit-ids:
GigabitEthernet0/8 no no 10
Custom circuit-ids:
GigabitEthernet0/10 yes yes unlimited
Custom circuit-ids:
Port-channel1 yes yes unlimited
Custom circuit-ids:
-------------------------------
ip dhcp snooping vlan 1,6,10,52,54,60,110,120,130,1000
ip dhcp snooping
----------------------------------------
interface GigabitEthernet0/1

description ## SERVICOS ##
switchport access vlan 60
switchport mode access
switchport nonegotiate
switchport port-security maximum 2
ip arp inspection limit none
authentication event fail action next-method
authentication event server dead action reinitialize vlan 10
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
storm-control broadcast level 20.00 10.00
storm-control multicast level 20.00 10.00
storm-control action shutdown
spanning-tree portfast edge
ip verify source
ip dhcp snooping limit rate 10
end

If your device is not getting a DHCP address and NOT populating the DHCP snooping binding table, then the rate limit command is not really functioning in this scenario. You either need to trust the port or create a DHCP snooping static entry as shown below:

 

ip dhcp snooping binding <mac-address> vlan <#> <ip> interface <interface> 

Fill out the appropriate information and you should be good to go. 

 

-David

Hello,

If your port keeps err-disabling then it seems you are receiving too many DHCP requests. A couple of questions:

1. Did you capture packets when the device was requesting the IP address? How many DHCP packets came across?

2. Were you monitoring the right interface (double check)

3. Is the device requesting more than one IP address? Is the port a trunk port with multiple VLANs, or connected to a server with multiple IP requests?

You could always try increasing the packets per second limit. Cisco recommends not more than 100 pps rate limit.

-David

 

Hi @David Ruess

> 1. Did you capture packets when the device was requesting the IP address? How many DHCP packets came across?

This device has a fixed IP; there are no DHCP packets.

> 2. Were you monitoring the right interface (double check)

Yes, definitely.

> 3. Is the device requesting more than one IP address? Is the port a trunk port with multiple VLANs or connected to a server with multiple IP requests?

It is an access port.

> This device has a fixed IP; there are no DHCP packets.

This explains the issue here to some extent. ARP inspection depends on the DHCP snooping table; for a static endpoint you need to add an entry manually into the DHCP snooping table, otherwise you need to trust the port.

MHM

Can you share the packets you captured?

MHM

Hi @MHM Cisco World 

Attached is a capture with 'ip dhcp snooping trust' and another with 'ip dhcp snooping limit rate 10':

Yes friend, I will check it, but did you add the static IP endpoint manually to DHCP snooping?

MHM

@MHM Cisco World
I don't understand your question, but this device has a fixed IP.

You run ARP inspection and DHCP snooping, and that is correct.

ARP inspection depends on the DHCP snooping database to permit or deny ARP from a specific port.

Now you use a fixed IP, and hence there is no DHCP, so also no DHCP snooping and no entry in the table.

Here ARP inspection doesn't have any info as a reference to permit or deny.

So you configure

ip dhcp snooping trust; this is like disabling all DHCP and the protocols that depend on snooping, including ARP inspection.

But the solution for any fixed IP in a DHCP snooping environment is to add a manual entry.

MHM

ip dhcp snooping binding mac-address vlan vlan ip-address interface type number expiry seconds

The command you need 

MHM

DiamanteDesk (Level 1)

Hi guys,

I didn't find this command 'ip dhcp snooping binding mac-address vlan vlan ip-address interface type number expiry seconds', but I could fix my problem with:

ip source binding 0001.2a00.6745 vlan 60 10.200.18.25 int g0/1

Thanks for the help, all of you.
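As an added example (not from any poster in this thread), here is the trust-the-port variant that the thread starts from next to the static-binding variant it ends with, plus the show commands that confirm the binding is in place. The MAC, VLAN, IP and interface are the values quoted in the thread; everything else is assumed.

```cisco
! Added example, not from any post in this thread. MAC, VLAN, IP and
! interface are the values quoted in the thread; the rest is assumed.
!
! --- Variant 1 (what the original poster had to do): trust the host port
! A trusted port accepts DHCP server replies from whatever is plugged in,
! and DHCP snooping no longer validates that port's DHCP traffic, so a
! static host works, but a rogue DHCP server on that port would too.
interface GigabitEthernet0/1
 ip dhcp snooping trust
!
! --- Variant 2 (what the thread converges on): keep the port untrusted
! and give the static host a binding-table entry instead.
ip dhcp snooping
ip dhcp snooping vlan 60
ip arp inspection vlan 60
!
! Static binding for the access-control device. This is the entry that
! IP Source Guard ('ip verify source') and DAI consult for this port.
ip source binding 0001.2a00.6745 vlan 60 10.200.18.25 interface GigabitEthernet0/1
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 60
 no ip dhcp snooping trust
 ip dhcp snooping limit rate 10
 ip verify source
!
! --- Verification (privileged EXEC) ---------------------------------------
! The entry should be listed with type 'static'; without it, an untrusted
! port running 'ip verify source' drops the host's IP traffic.
show ip source binding
show ip verify source interface GigabitEthernet0/1
show ip arp inspection interfaces
```

If the device is ever replaced, its MAC changes and the static binding must be updated, otherwise the new unit is dropped by IP Source Guard just as the original one was.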
