
WLC9800 and Cisco9300 switch DHCP snooping

eeebbunee
Level 1

Hello Professionals,

I have a question about DHCP snooping with a trusted port.
I have a Cisco 9300 switch, and a WLC9800 controller is connected to this switch.

Wireless clients can get an IP address from the DHCP pool on the C9300 switch.

When I tried to connect to the SSID, I got authentication from the controller, but couldn't get an IP address. Besides, I got a bunch of error logs from the C9300 switch that are snooping related. It looks like snooping on the switch is enabled by default.
After I made the port that is connected to the WLC9800 a trusted port, it works.

From the switch port, isn't it defined which DHCP server side?

Why does the WLC-connected port need to be a DHCP snooping trusted port?

Thank you for giving your time for my question. 

3 Replies

marce1000
VIP

>...Why WLC connected port needs to be a dhcp snooping trusted port?
 - It doesn't

>...Besides, I got bunch of error logs from the C9300 switch that snooping related
 - Provide an example of these logs

>...When I tried connect SSID, I got authentication from the controller, but couldn't get IP address
 - You can debug the particular client (or clients in general) using: https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity
   Radioactive Traces can be analyzed with: https://cway.cisco.com/wireless-debug-analyzer

Appendix: have a checkup of the WLC9800 configuration with the CLI command show tech wireless; feed the output into:
https://cway.cisco.com/wireless-config-analyzer/

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hello @marce1000,

The logs I got from C9300 are:

045224: .Oct 5 2023 13:27:54: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
045225: .Oct 5 2023 13:28:30: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
045226: .Oct 5 2023 13:29:04: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
045227: .Oct 5 2023 13:29:36: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx

From the wireless-config-analyzer, I couldn't get much information regarding DHCP or interface configuration, but I will try client debug.

Thank you!
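
An added example, not part of the thread and not Cisco code: a Python parser for the `DHCP_SNOOPING_NONZERO_GIADDR` drop lines quoted above that groups drops per client MAC and lists the retry intervals. The sample lines, MAC addresses, function names and the `min_drops` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format of the drop message quoted in the thread. The timestamp may carry a
# "." or "*" clock-status prefix; MAC digits may be masked with "x".
LINE_RE = re.compile(
    r"^(?P<seq>\d+): [.*]?(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d): "
    r"%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: .*?message type: "
    r"(?P<mtype>\w+), MAC sa: (?P<mac>(?:[0-9a-fx]{4}\.){2}[0-9a-fx]{4})", re.I)

# Constructed sample input: message text from the thread, values made up.
_MSG = ("%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop "
        "message with non-zero giaddr or option82 value on untrusted port, ")
SAMPLE = "\n".join(
    f"{seq}: .Oct 5 2023 {t}: {_MSG}message type: {mt}, MAC sa: {mac}"
    for seq, t, mt, mac in [
        ("000101", "13:27:54", "DHCPDISCOVER", "0000.5e00.5301"),
        ("000102", "13:28:10", "DHCPREQUEST", "0000.5e00.5302"),
        ("000103", "13:28:30", "DHCPDISCOVER", "0000.5e00.5301"),
        ("000104", "13:29:04", "DHCPDISCOVER", "0000.5e00.5301"),
        ("000105", "13:29:36", "DHCPDISCOVER", "0000.5e00.5301"),
    ]) + "\n000106: .Oct 5 2023 13:30:00: %LINK-3-UPDOWN: unrelated line"

def parse(text):
    """Return one dict per snooping drop line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
            events.append({"seq": int(m["seq"]), "ts": ts,
                           "mtype": m["mtype"].upper(), "mac": m["mac"].lower()})
    return events

def summarize(events, min_drops=3):
    """Group drops by source MAC; min_drops is an assumed heuristic threshold."""
    by_mac = defaultdict(list)
    for e in events:
        by_mac[e["mac"]].append(e)
    report = {}
    for mac, evs in by_mac.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [int((b["ts"] - a["ts"]).total_seconds()) for a, b in zip(evs, evs[1:])]
        discovers = sum(e["mtype"] == "DHCPDISCOVER" for e in evs)
        report[mac] = {"drops": len(evs), "retry_gaps_s": gaps,
                       "stuck_in_discover": discovers >= min_drops}
    return report
```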

 

 - Turn off all related DHCP snooping configuration commands on the 9300; check if that can help wireless users; and pay attention to the other items in my initial reply too.

 M.


