ip dhcp snooping packets

lee · ‎12-07-2006

Hi,

What exactly is the use for the command "ip dhcp snooping packets"? Do I need this? We had a problem today with users pulling a dhcp address. They were authenticating to the AP with no problems, but no luck pulling an address.

FYI - these are configured on GRE tunnels.

Thanks. Here's an example of the config -

interface tunnel10

ip address 10.x.x.x 255.255.254.0

ip helper-address x.x.x.x

no ip redirects

ip dhcp snooping packets

tunnel source loopback

tunnel mode gre multipoint

mobility network-id xx

mobility broadcast

mobility tcp adjust-mss

stschmidt · ‎12-07-2006

Wireless clients, or mobile nodes, gain access to an untrusted wireless network only if there is a corresponding entry in the DHCP snooping database. Enable DHCP snooping globally by entering the ip dhcp snooping command, and enable DHCP snooping on the tunnel interface by entering the ip dhcp snooping packets command. After you enable DHCP snooping, the process snoops DHCP packets to and from the mobile nodes and populates the DHCP snooping database.

You would probably need to sniff the network to see why DHCP was failing. If you are using Cisco Network Registrar you could also turn up the debugs to get an idea of why it was failing if the packets are getting to CNR.

lee · ‎12-07-2006

Thanks! It looks like since our DHCP servers do not support option 82, the "no ip dhcp snooping information option" command needed to be implemented globally. Things are working now.

The TAC case can be read about here -

http://www.ciscotaccc.com/kaidara-advisor/wireless/showcase?case=K44800117