10-07-2023 12:50 PM
Hello Professionals,
I have a question about DHCP snooping with trusted port.
I have Cisco 9300 switch and wlc9800 controller is connected to this switch.
Wireless client can get IP address from the DHCP pool from C9300 switch.
When I tried connect SSID, I got authentication from the controller, but couldn’t get up address. Besides, I got bunch of error logs from the C9300 switch that snooping related. Looks like snooping on the switch is enabled by default.
After I made a port which is connected to WLC9800 to be trusted port, then it works.
from the switch port, isn’ t it defined which DHCP server side?
Why WLC connected port needs to be a dhcp snooping trusted port?
Thank you for giving your time for my question.
10-07-2023 11:44 PM
>...Why WLC connected port needs to be a dhcp snooping trusted port?
- It doesn't
>...Besides, I got bunch of error logs from the C9300 switch that snooping related
- Provide an example of these logs
>...When I tried connect SSID, I got authentication from the controller, but couldn’t get up address
- You can debug the particular client (or clients in general using) : https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity
Radioactive Traces can be analyzed with : https://cway.cisco.com/wireless-debug-analyzer
Appendix : have a checkup of the WLC9800 configuration with the CLI command show tech wireless ; feed the output into :
https://cway.cisco.com/wireless-config-analyzer/
M.
10-09-2023 06:53 AM
Hello @marce1000 ,
The logs I got from C9300 are:
045224: .Oct 5 2023 13:27:54: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
045225: .Oct 5 2023 13:28:30: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
045226: .Oct 5 2023 13:29:04: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
045227: .Oct 5 2023 13:29:36: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 8c1e.80xx.xxxx
From the wireless-config-analyzer, I couldn't get much information regarding DHCP or interface configuration, but I will try client debug.
Thank you.!
10-09-2023 08:46 AM
- Turn off all related dhcp snooping configuration commands on the 9300 ; check if that can help wireless users ; and pay attention to the other items in my initial reply too.
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide