SPAN + DHCP SNOOPING

leonarit · ‎07-01-2019

Here's the current setup:

WS-C3650 Version 16.3.7

switch as dhcp server for both vlans 900 & 901.

Vlan 900 dhcp snooping disabled, span dhcp packets inbound/outbound ok.

Vlan 901 dhcp snooping enabled , span dhcp packets inbound ok, outbount nok,

span config:

monitor session 1 source interface Te1/0/19 - 22

monitor session 1 destination interface Gi1/0/14

The problem only occurs with dhcp packets, all other type of traffic is mirrored, if i disable the dhcp snooping on vlan 901 i'm able to capture the outbound dhcp packets from vlan 901.

Does anyone have any past experience with this use case/bug?

I've search the online docs regarding ios xe and span, but there isn't any limitations regarding span and dhcp snooping.

Thanks for your help.

paul driver · ‎07-02-2019

Hello

What would be the role of that destination port when not in a span session regards dhcp snooping- trusted -untrusted

Notice your destination span port is only 1gb but your sources span ports are 2x10gb when snooping is enabled is the utilization of that destination port being overwhelmed?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

leonarit · ‎07-02-2019

The destination port is in trusted state, the amount off traffic is small, 10~50Mbps per te port.

Now that i recall, i had this same behavior with the monitor capture feature , with the monitor capture the packets are capture to a buffer(ram) so if the problem happens also it must be a bug/limitation in ios.

I will open a case.