Showing results for 
Search instead for 
Did you mean: 

ip dhcp snooping packets



What exactly is the use for the command "ip dhcp snooping packets"? Do I need this? We had a problem today with users pulling a dhcp address. They were authenticating to the AP with no problems, but no luck pulling an address.

FYI - these are configured on GRE tunnels.

Thanks. Here's an example of the config -

interface tunnel10

ip address 10.x.x.x

ip helper-address x.x.x.x

no ip redirects

ip dhcp snooping packets

tunnel source loopback

tunnel mode gre multipoint

mobility network-id xx

mobility broadcast

mobility tcp adjust-mss

2 Replies 2


Wireless clients, or mobile nodes, gain access to an untrusted wireless network only if there is a corresponding entry in the DHCP snooping database. Enable DHCP snooping globally by entering the ip dhcp snooping command, and enable DHCP snooping on the tunnel interface by entering the ip dhcp snooping packets command. After you enable DHCP snooping, the process snoops DHCP packets to and from the mobile nodes and populates the DHCP snooping database.

You would probably need to sniff the network to see why DHCP was failing. If you are using Cisco Network Registrar you could also turn up the debugs to get an idea of why it was failing if the packets are getting to CNR.

Thanks! It looks like since our DHCP servers do not support option 82, the "no ip dhcp snooping information option" command needed to be implemented globally. Things are working now.

The TAC case can be read about here -

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers