
Switch - ip verify source port-security - Bug can't have dhcp address

Hi,

No idea why, but if I have "ip verify source port-security" enabled, I can't get an IP address. Is there any special configuration missing? Is there any global config for that? I think something goes wrong here.

If I put my computer on a port that doesn't have "ip verify source port-security", I get the IP address. As soon as I put my computer on a port that has "ip verify source port-security", nothing...

IOS : c3560-ipbasek9-mz.122-53.SE2.bin

Thanks

interface FastEthernet0/43
 switchport access vlan 107
 switchport mode access
 switchport voice vlan 187
 switchport port-security maximum 2
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip verify source port-security
 ip dhcp snooping limit rate 10

Trunk that goes to the core switch where DHCP is:

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 ip arp inspection trust
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 auto qos voip trust
 macro description cisco-switch
 spanning-tree link-type point-to-point
 ip dhcp snooping trust


Chad Peterson
Cisco Employee

Does your DHCP server support option 82? If I recall correctly, for IP source guard and port security to work together, the server needs to support option 82.

I think it wasn't working because this configuration was missing:

conf t
ip dhcp snooping
ip dhcp snooping vlan x,y,z
ip dhcp snooping information option

Ahhh yes, that could explain it.

Do you know if I need to do that config only at the access layer, or at the distribution layer also?

Typically you would just want this configuration at your access layer.

You can deploy it elsewhere, however it becomes complicated with which ports to trust etc.
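
An added example, not part of the thread and not Cisco code: a Python check that scans a saved running-config for ports using `ip verify source` and reports the DHCP snooping prerequisites discussed above when they are missing. The VLAN list 107,187 is assumed (the thread only says x,y,z), and the script assumes option 82 insertion is on unless `no ip dhcp snooping information option` appears.

```python
import re

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '107,180-190' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """List ports that use 'ip verify source' without its DHCP snooping prerequisites."""
    snooping_on, opt82_off, snoop_vlans = False, False, set()
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = {"vlan": 1, "ipsg": None}  # access VLAN defaults to 1
        elif line == "ip dhcp snooping":
            snooping_on = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan ([\d,\-]+)", line):
            snoop_vlans |= parse_vlans(m.group(1))
        elif line == "no ip dhcp snooping information option":
            opt82_off = True
        elif current and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            ports[current]["vlan"] = int(m.group(1))
        elif current and line.startswith("ip verify source"):
            ports[current]["ipsg"] = line
    findings = []
    for name, port in ports.items():
        if not port["ipsg"]:
            continue
        if not snooping_on:
            findings.append((name, "ip dhcp snooping is not enabled globally"))
        if port["vlan"] not in snoop_vlans:
            findings.append((name, f"VLAN {port['vlan']} is not in ip dhcp snooping vlan"))
        if port["ipsg"].endswith("port-security") and opt82_off:
            findings.append((name, "option 82 insertion is disabled"))
    return findings

# Constructed sample: the thread's Fa0/43 (trimmed), before and after the missing globals.
PORT = """interface FastEthernet0/43
 switchport access vlan 107
 switchport port-security
 ip verify source port-security
"""
FIXED = "ip dhcp snooping\nip dhcp snooping vlan 107,187\n" + PORT  # VLAN list is assumed

if __name__ == "__main__":
    for label, cfg in (("before", PORT), ("after", FIXED)):
        print(label, audit(cfg))
```

The check only looks at each port's access VLAN; the voice VLAN is not evaluated.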
