From: Marvin Greenlee (marvin@ipexpert.com)
Date: Thu May 31 2007 - 23:59:59 ART
What type of switch is switch 2? I've seen this work on 3550s fine, but
I've seen similar errors on 3560s.

'Debug ip dhcp snooping packet' shows:

On a 3560: (doesn't work)
3d22h: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER,
input interface: Fa0/21, MAC da: ffff.ffff.ffff, MAC sa: 0012.01b0.9c80, IP
da: 255.255.255.255, IP sa: 10.1.1.1, DHCP ciaddr: 0.0.0.0, DHCP yiaddr:
10.1.1.3, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr:
0019.060c.c3c1 <---Mac of VLAN 10 in 'show vlan 10'
3d22h: DHCP_SNOOPING_SW: client address lookup failed to locate client
interface, retry lookup using packet mac DA: ffff.ffff.ffff
3d22h: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat
entry for mac: 0019.060c.c3c1
3d22h: DHCP_SNOOPING: can't find output interface for dhcp reply. the
message is dropped.
On a 3550: (works)
*Mar 4 22:58:01.192: DHCP_SNOOPING: process new DHCP packet, message type:
DHCPOFFER, input interface: Gi0/1, MAC da: ffff.ffff.ffff, MAC sa:
0012.01b0.9c80, IP da: 255.255.255.255, IP sa: 10.1.1.1, DHCP ciaddr:
0.0.0.0, DHCP yiaddr: 10.1.1.5, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0,
DHCP chaddr: 0012.01b3.ba00 <--- MAC of vlan 10 in 'show vlan 10'
*Mar 4 22:58:01.192: DHCP_SNOOPING: direct forward dhcp reply to cpu port:
Vlan10.
Interface Vlan10 assigned DHCP address 10.1.1.5, mask 255.255.255.0
On the 3550, local MAC addresses of vlan interfaces are included in the mac
address table, so the lookup is fine, and the switch knows to send it to the
CPU.
Not sure if the MAC addresses not being added to the mac address table on
the 3560 is a bug, or there by design, but it would appear to be causing the
problem of the switch not knowing how to handle the returning DHCPOFFER.
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
sebastan bach
Sent: Thursday, May 31, 2007 6:52 PM
To: ccielab@groupstudy.com
Subject: has anyone faced this problem with dhcp snooping
Has anyone faced this problem with DHCP snooping?
Here's my scenario:
SW1 has a host on VLAN 10 and there's an SVI for VLAN 10 with IP address
10.1.1.1/24.
A DHCP server is configured on the switch:
ip dhcp excluded-address 10.1.1.1
ip dhcp pool mypool
network 10.1.1.0 /24
default-router 10.1.1.1
The host on SW1 gets the IP address from the DHCP server.
I have also enabled DHCP snooping for VLAN 10.
I have a SW2 with an SVI for VLAN 10, whose IP address is set to be obtained from
DHCP:
int vlan 10
ip address dhcp
A trunk has been configured between SW1 and SW2.
I have also enabled DHCP snooping for VLAN 10 on SW2,
and I have configured the trunk ports on both the switches as trusted ports
for DHCP snooping.
On SW1 I can see the DHCP server has assigned an IP address to the SVI on SW2,
but on SW2 the IP address is not assigned to int vlan 10.
With the debug I see that when the DHCP reply reaches the trunk port of SW2,
it says it cannot find the MAC address and drops the packet.
In the MAC address table I also cannot see the MAC address of the SVI vlan 10.
When I disable DHCP snooping everything works fine; the SVI on SW2 gets the
IP address from the DHCP server.
Can you help me with getting this working with DHCP snooping, or tell me why
this is not working?
Any help will be greatly appreciated.
regards
sebastan
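
The side-by-side reading of the two debug captures in this thread can be scripted. The following is an added example, not part of the original messages: it rejoins the hard-wrapped debug lines and reports, for each snooped reply, whether the lookup for the chaddr missed and whether the switch dropped the reply or handed it to the CPU. The names `records`, `classify` and the dict fields are assumptions made for illustration.

```python
import re

# Debug output reproduced from the message above (3560 first, then 3550),
# with the mail wraps kept and the "<---" annotations removed.
SAMPLE = """\
3d22h: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER,
input interface: Fa0/21, MAC da: ffff.ffff.ffff, MAC sa: 0012.01b0.9c80, IP
da: 255.255.255.255, IP sa: 10.1.1.1, DHCP ciaddr: 0.0.0.0, DHCP yiaddr:
10.1.1.3, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr:
0019.060c.c3c1
3d22h: DHCP_SNOOPING_SW: client address lookup failed to locate client
interface, retry lookup using packet mac DA: ffff.ffff.ffff
3d22h: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat
entry for mac: 0019.060c.c3c1
3d22h: DHCP_SNOOPING: can't find output interface for dhcp reply. the
message is dropped.
*Mar 4 22:58:01.192: DHCP_SNOOPING: process new DHCP packet, message type:
DHCPOFFER, input interface: Gi0/1, MAC da: ffff.ffff.ffff, MAC sa:
0012.01b0.9c80, IP da: 255.255.255.255, IP sa: 10.1.1.1, DHCP ciaddr:
0.0.0.0, DHCP yiaddr: 10.1.1.5, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0,
DHCP chaddr: 0012.01b3.ba00
*Mar 4 22:58:01.192: DHCP_SNOOPING: direct forward dhcp reply to cpu port:
Vlan10.
"""

def records(text):
    """Rejoin wrapped lines; a new record starts where a DHCP_SNOOPING tag appears."""
    joined = re.sub(r"\n(?!.*DHCP_SNOOPING(_SW)?: )", " ", text.strip())
    return joined.splitlines()

def classify(text):
    """Return one dict per snooped packet with the fate the switch reported."""
    packets = []
    for rec in records(text):
        m = re.search(r"message type: (\w+), input interface: (\S+), "
                      r".*chaddr: ([0-9a-f.]+)", rec)
        if m:
            packets.append(dict(type=m[1], port=m[2], chaddr=m[3],
                                fate="unknown", mat_miss=False))
        elif packets:
            p = packets[-1]
            miss = re.search(r"failed to get mat entry for mac: ([0-9a-f.]+)", rec)
            if miss and miss[1] == p["chaddr"]:
                p["mat_miss"] = True      # lookup for the client's own MAC failed
            elif "message is dropped" in rec:
                p["fate"] = "dropped"     # no output interface found for the reply
            elif "direct forward dhcp reply to cpu port" in rec:
                p["fate"] = "to_cpu"      # reply delivered to the local SVI
    return packets
```

A reply with `mat_miss` set and `fate` equal to `dropped` matches the 3560 behaviour described in the reply above.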