RE: DHCP snooping and ip helper interaction

From: Geert Nijs (Geert.Nijs@simac.be)
Date: Tue Mar 25 2008 - 11:32:38 ART

• Next message: Sadiq Yakasai: "Re: DHCP snooping and ip helper interaction"
• Previous message: Sadiq Yakasai: "Re: need explanation on Lock and key access-list"
• Maybe in reply to: Geert Nijs: "DHCP snooping and ip helper interaction"
• Next in thread: Sadiq Yakasai: "Re: DHCP snooping and ip helper interaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Haukur,

Thanks very much ! That was it...try to find that using debugging...this saved my day.
Indeed, it appears from the moment that you enable snooping on the L2 Access level, this switch inserts Option82 into the DHCP packet.
When the L3 switch sees this DHCP broadcast WITH Option82 inserted, he doesn't trust it (even if it is received on a "dhcp trusted" interface) and drops the packet.
You need to expliciclt put "ip dhcp relay information trusted" on the interface, or globally "ip dhcp relay information trust-all" on the L3 switch.

Man, Cisco documentation isn't very "complete" on this point. (it has documentation,but it is scattered on several places i have noticed).

regards,
Geert
CCIE#17329

________________________________________
From: Haukur ^srparson [haukur@sensa.is]
Sent: 23 March 2008 23:00
To: Geert Nijs; ccielab@groupstudy.com
Subject: RE: DHCP snooping and ip helper interaction

Hi Geert,
  If you add the "ip dhcp relay information trusted" on the interface on the distribution switch the DHCP service should start working again, this command allows the L3 interface to forward packets that include DHCP Option 82 informations.

R.
Haukur
CCIE#18026

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Geert Nijs
Sent: 22. mars 2008 15:33
To: ccielab@groupstudy.com
Subject: DHCP snooping and ip helper interaction

All,

Does a DHCP snooping configuration NEED an ip helper address defined on the
same switch ?

In my lab setup, DHCP breaks when i configure dhcp snooping without ip helper
address.
Setup:

Access = C3750 , 12.2(25)SE2
Distribution= C6500, sup720, 12.2(18)SXF8

ACCESS
int vlan 100
 ip address 1.1.1.250 255.255.255.0 <- for management of the
switch !

int gi1/0/49 <--- uplink (is dhcp trusted)
 ip dhcp trust

ip dhcp snooping vlan 100 <- activate snooping
on access

DISTRIBUTION
int vlan 100
 ip address 1.1.1.2 255.255.255.0
 standby 1 ip 1.1.1.1
 ip helper-address 192.168.1.1

Without dhcp snooping on the access, the config works. Clients get an ip
address.
Once i enable dhcp snooping on the access, dhcp doesn't work anymore ??

regards,
Geert Nijs

  ________________________________
disclaimer : http://webservices.simac.be/disclaimer.htm

• Next message: Sadiq Yakasai: "Re: DHCP snooping and ip helper interaction"
• Previous message: Sadiq Yakasai: "Re: need explanation on Lock and key access-list"
• Maybe in reply to: Geert Nijs: "DHCP snooping and ip helper interaction"
• Next in thread: Sadiq Yakasai: "Re: DHCP snooping and ip helper interaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART