From: Rik Guyler (rik@guyler.net)
Date: Wed Apr 16 2008 - 22:28:13 ART
Oh man, I am starting to hate DHCP snooping.
I've been working on this for too long but just can't get it to work. I've
scrubbed the archives, tried the tips I found there, scrubbed the Internet
and CCO too, no go so far.
I have a lab router as my DHCP server and 2 other routers as my clients
(could that be the issue?). The server and one client are connected into a
3560 on vlan 10 and the other client is connected to a 3750 on vlan 20,
which is being trunked over to the 3560. The vlan10 and 20 SVIs are on the
3560 with a helper address pointed to the DHCP server on the vlan20
interface. I just cannot get this to work with DHCP snooping turned on.
The clients pull addresses for their respective vlans perfectly with it
disabled but as soon as I turn on snooping DHCP just grinds to a halt.
Can anybody toss a bone my way? I don't have much hair left to keep pulling
out over this. ;-)
Here's the "debug ip dhcp packet" output:
*Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to
Fa0/3 for pak. Was Vl10
*Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl10
for pak. Was Fa0/3
*Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to
Fa0/3 for pak. Was Vl10
*Mar 1 05:21:44.375: DHCP_SNOOPING: received new DHCP packet from input
interface (FastEthernet0/3)
*Mar 1 05:21:44.375: DHCP_SNOOPING: process new DHCP packet, message type:
DHCPDISCOVER, input interface: Fa0/3, MAC da: ffff.ffff.ffff, MAC sa:
001b.2ad6.4580, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr:
0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0,
DHCP chaddr: 001b.2ad6.4580
*Mar 1 05:21:44.375: DHCP_SNOOPING: add relay information option.
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: Encoding opt82 CID in vlan-mod-port
format
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address
format
*Mar 1 05:21:44.375: DHCP_SNOOPING: binary dump of relay info option,
length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x5 0x2 0x8 0x0 0x6 0x0 0x1B 0x8F 0x7B
0x85 0x80
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: bridge packet get invalid mat entry:
FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (10)
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: bridge packet send packet to cpu
port: Vlan10.
The DHCP snooping config is the same on both switches:
ip dhcp relay information trust-all
!
ip dhcp snooping vlan 10,20
ip dhcp snooping
Here's the interface configs:

Server:
interface FastEthernet0/1
 switchport access vlan 10
 ip dhcp snooping trust

Clients:
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast
interface GigabitEthernet1/0/4
 switchport access vlan 20
 spanning-tree portfast

Trunks:
interface FastEthernet0/13
 switchport mode dynamic desirable
 ip dhcp relay information trusted

Thanks
-- Rik
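
Added example, not part of the original post: a decoder for the "binary dump of relay info option" line in the debug output above, showing what the switch inserted into the DHCPDISCOVER (which the same debug shows with giaddr 0.0.0.0). The inner field layout (type, length, VLAN, module, port for the circuit ID; type, length, MAC for the remote ID) is an assumption read off the "vlan-mod-port" and "MAC address format" debug lines.

```python
# Added example: decode the DHCP option 82 dump from the debug output above.
# Inner sub-option layout is an assumption based on the debug lines that name
# the "vlan-mod-port" circuit ID format and the "MAC address" remote ID format.
import struct

# Bytes copied from the "binary dump of relay info option" debug line.
DUMP = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x5 0x2 0x8 0x0 0x6 "
        "0x0 0x1B 0x8F 0x7B 0x85 0x80")


def parse_dump(text):
    """Turn '0x52 0x12 ...' into bytes."""
    return bytes(int(tok, 16) for tok in text.split())


def cisco_mac(raw):
    """Format 6 bytes the way IOS prints MACs (xxxx.xxxx.xxxx)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def decode_option82(data):
    """Return the decoded sub-options as a dict, or raise ValueError."""
    if len(data) < 2 or data[0] != 82:
        raise ValueError("not a relay agent information option")
    if data[1] != len(data) - 2:
        raise ValueError("option length does not match payload")
    out, pos = {}, 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[pos], data[pos + 1]
        body = data[pos + 2:pos + 2 + length]
        if len(body) != length:
            raise ValueError("truncated sub-option body")
        pos += 2 + length
        if code == 1 and length == 6 and body[:2] == b"\x00\x04":
            vlan, module, port = struct.unpack("!HBB", body[2:])
            out["circuit_id"] = {"vlan": vlan, "module": module, "port": port}
        elif code == 2 and length == 8 and body[:2] == b"\x00\x06":
            out["remote_id"] = {"mac": cisco_mac(body[2:])}
        else:
            out[f"suboption_{code}"] = body.hex()  # unknown layout: keep raw
    return out


if __name__ == "__main__":
    print(decode_option82(parse_dump(DUMP)))
```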
This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART