12-07-2006 09:18 AM - edited 07-03-2021 01:20 PM
Hi,
What exactly is the use for the command "ip dhcp snooping packets"? Do I need this? We had a problem today with users pulling a dhcp address. They were authenticating to the AP with no problems, but no luck pulling an address.
FYI - these are configured on GRE tunnels.
Thanks. Here's an example of the config -
interface tunnel10
ip address 10.x.x.x 255.255.254.0
ip helper-address x.x.x.x
no ip redirects
ip dhcp snooping packets
tunnel source loopback
tunnel mode gre multipoint
mobility network-id xx
mobility broadcast
mobility tcp adjust-mss
12-07-2006 10:47 AM
Wireless clients, or mobile nodes, gain access to an untrusted wireless network only if there is a corresponding entry in the DHCP snooping database. Enable DHCP snooping globally by entering the ip dhcp snooping command, and enable DHCP snooping on the tunnel interface by entering the ip dhcp snooping packets command. After you enable DHCP snooping, the process snoops DHCP packets to and from the mobile nodes and populates the DHCP snooping database.
You would probably need to sniff the network to see why DHCP was failing. If you are using Cisco Network Registrar you could also turn up the debugs to get an idea of why it was failing if the packets are getting to CNR.
12-07-2006 01:25 PM
Thanks! It looks like since our DHCP servers do not support option 82, the "no ip dhcp snooping information option" command needed to be implemented globally. Things are working now.
The TAC case can be read about here -
http://www.ciscotaccc.com/kaidara-advisor/wireless/showcase?case=K44800117
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide