11-25-2011 04:22 PM - edited 03-07-2019 03:36 AM
hi all,
I got some problem with enabling dhcp snooping on 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin)
the topology is as below:
dhcp snooping enabled only on CORE (with interface trusted to dhcp server)
the problem is that I put these 2 commands
ip dhcp snooping
ip dhcp snooping vlan 1
but it is not enabled on any vlan
SW-CORE#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 1cdf.0ffe.1600 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Allow option Rate limit (pps)
--------------------- ------- ------------ ----------------
GigabitEthernet6/48 yes yes unlimited
Custom circuit-ids:
On B1 if I turn it on there is a "1" in the section "DHCP snooping is configured on following VLANs:" but on core no.
As you can see I did put the trusted on the interface in the direction to the dhcp.
First I thought it can be a problem with option 82, I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.
Right now I have no access to the devices so deep troubleshooting is limited so any raw suggestions?
regards
Przemek
11-25-2011 05:31 PM
Hi,
In addition to configuring it under the interface, you also need to enable it globally
have a look at this example:
Switch(config)#ip dhcp snooping vlan 1
Switch(config)#do sh ip dh snoo
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
circuit-id default format: vlan-mod-port
remote-id: 001b.5400.3380 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Allow option Rate limit (pps)
----------------------- ------- ------------ ----------------
GigabitEthernet1/0/1 yes yes unlimited
Custom circuit-ids:
Switch(config)#
HTH
11-25-2011 10:44 PM
hi,
thx for reply,
I wasn't clear enough - I know that it must be enabled and I did put these 2 commands globally in the first place, but still I got none in the place where VLANs are mentioned. Show run indicated that it is enabled globally and in the VLAN, but show ip dhcp snooping as pasted previously.
I tried it on 2960 (B1) and it's OK (right now it's disabled if that matters), the problem is only with the 4500, which is really frustrating.
I forgot to add that somehow dhcp snooping was working as expected, in that when I change the interface to which the B2 switch is connected (the one with dhcp server) to untrusted, the station couldn't get the IP address. So it seems that only the binding table is not being built and that it shows it is enabled on no VLANs.
Binding table is essential here because I want to use DAI so please help
regards
Przemek
11-26-2011 01:17 PM
ok it's working
after disabling it and enabling it in the same manner it started to work. Don't know why it didn't in the first place.
regards
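
The symptom in this thread (snooping enabled globally, but "none" under the configured and operational VLAN lists) is worth checking for automatically before relying on the binding table for DAI. The following is an added example, not part of the original thread: a small Python check over `show ip dhcp snooping` output. The sample text is constructed after the output format pasted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the output format pasted in the thread.
BROKEN = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Allow option Rate limit (pps)
--------------------- ------- ------------ ----------------
GigabitEthernet6/48 yes yes unlimited
"""
HEALTHY = BROKEN.replace("none", "1")  # constructed: VLAN 1 configured and operational

def vlan_set(text, kind):
    """Return the VLAN IDs listed under the 'configured' or 'operational' header."""
    m = re.search(rf"DHCP snooping is {kind} on following VLANs:[ \t]*\n(.*)", text)
    vlans = set()
    if m:
        # Accept single IDs and ranges such as "1,10-12"; "none" yields nothing.
        for lo, hi in re.findall(r"\b(\d+)(?:-(\d+))?\b", m.group(1)):
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trusted_ports(text):
    """Interfaces whose Trusted column reads 'yes' in the trust/rate table."""
    rows = re.findall(r"^(\S+)\s+(yes|no)\s+(?:yes|no)\s+\S+", text, re.M)
    return [name for name, trusted in rows if trusted == "yes"]

def audit(text):
    """List the reasons the binding table cannot be relied on (empty list = OK)."""
    findings = []
    configured = vlan_set(text, "configured")
    operational = vlan_set(text, "operational")
    if "Switch DHCP snooping is enabled" not in text:
        findings.append("snooping is not enabled globally")
    if not configured:
        findings.append("no VLAN is configured for snooping")
    for vlan in sorted(configured - operational):
        findings.append(f"VLAN {vlan} is configured but not operational")
    if not trusted_ports(text):
        findings.append("no trusted port toward the DHCP server")
    return findings

if __name__ == "__main__":
    for label, output in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(label, audit(output) or "OK")
```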