Re: DHCP snooping

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Wed Apr 16 2008 - 23:04:42 ART


> Oh man, I am starting to hate DHCP snooping.

Snooping isn't polite to do anyways. If asked to configure it in the lab
just tell the proctor it's not polite to snoop ;-)

Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: +1-775-544-1653 (Outside the US and Canada)

>----- Original Message -----
Subject: DHCP snooping
Date: Wed, April 16, 2008 18:28
From: "Rik Guyler" <rik@guyler.net>

> Oh man, I am starting to hate DHCP snooping.
>
> I've been working on this for too long but just can't get it to work. I've
> scrubbed the archives, tried the tips I found there, scrubbed the Internet
> and CCO too, no go so far.
>
> I have a lab router as my DHCP server and 2 other routers as my clients
> (could that be the issue?). The server and one client are connected into a
> 3560 on vlan 10 and the other client is connected to a 3750 on vlan 20,
> which is being trunked over to the 3560. The vlan10 and 20 SVIs are on the
> 3560 with a helper address pointed to the DHCP server on the vlan20
> interface. I just cannot get this to work with DHCP snooping turned on.
> The clients pull addresses for their respective vlans perfectly with it
> disabled but as soon as I turn on snooping DHCP just grinds to a halt.
>
> Can anybody toss a bone my way? I don't have much hair left to keep
> pulling out over this. ;-)
>
> Here's the "debug ip dhcp packet" output:
>
> *Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to
> Fa0/3 for pak. Was Vl10
> *Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to
> Vl10 for pak. Was Fa0/3
> *Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to
> Fa0/3 for pak. Was Vl10
> *Mar 1 05:21:44.375: DHCP_SNOOPING: received new DHCP packet from input
> interface (FastEthernet0/3)
> *Mar 1 05:21:44.375: DHCP_SNOOPING: process new DHCP packet, message type:
> DHCPDISCOVER, input interface: Fa0/3, MAC da: ffff.ffff.ffff, MAC sa:
> 001b.2ad6.4580, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr:
> 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0,
> DHCP chaddr: 001b.2ad6.4580
> *Mar 1 05:21:44.375: DHCP_SNOOPING: add relay information option.
> *Mar 1 05:21:44.375: DHCP_SNOOPING_SW: Encoding opt82 CID in vlan-mod-port
> format
> *Mar 1 05:21:44.375: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address
> format
> *Mar 1 05:21:44.375: DHCP_SNOOPING: binary dump of relay info option,
> length: 20 data:
> 0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x5 0x2 0x8 0x0 0x6 0x0 0x1B 0x8F
> 0x7B 0x85 0x80
> *Mar 1 05:21:44.375: DHCP_SNOOPING_SW: bridge packet get invalid mat
> entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (10)
> *Mar 1 05:21:44.375: DHCP_SNOOPING_SW: bridge packet send packet to cpu
> port: Vlan10.
>
>
> The DHCP snooping config is the same on both switches:
>
> ip dhcp relay information trust-all
> !
> ip dhcp snooping vlan 10,20
> ip dhcp snooping
>
> Here's the interface configs:
>
> Server:
> interface FastEthernet0/1
> switchport access vlan 10
> ip dhcp snooping trust
>
> Clients:
> interface FastEthernet0/3
> switchport access vlan 10
> spanning-tree portfast
>
> interface GigabitEthernet1/0/4
> switchport access vlan 20
> spanning-tree portfast
>
> Trunks:
>
> interface FastEthernet0/13
> switchport mode dynamic desirable
> ip dhcp relay information trusted
>
>
> Thanks
> --
> Rik
>
>
> Pass the CCIE in six weeks, Guaranteed!
> http://www.certscience.com/CCIE
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
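
Added example, not part of either poster's message: a decoder for the 20-byte "binary dump of relay info option" quoted in the debug output, showing what the snooping switch inserted into the DHCPDISCOVER. The sub-option layouts (a 1-byte type and 1-byte length ahead of the vlan-mod-port and MAC data) are assumptions read off the debug text and these bytes; the function names are hypothetical.

```python
# Constructed input: the 20 bytes copied from the "binary dump of relay info
# option" line in the debug output quoted above.
DUMP = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x5 "
        "0x2 0x8 0x0 0x6 0x0 0x1B 0x8F 0x7B 0x85 0x80")

SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes


def parse_dump(text):
    """Turn the space-separated 0xNN tokens of the IOS dump into bytes."""
    return bytes(int(tok, 16) for tok in text.split())


def decode_option82(raw):
    """Decode a DHCP relay agent information option (code 82) TLV."""
    if len(raw) < 2 or raw[0] != 82:
        raise ValueError("not a DHCP option 82 TLV")
    if raw[1] != len(raw) - 2:
        raise ValueError("option length does not match payload")
    result, pos, end = {}, 2, len(raw)
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated sub-option header")
        code, length = raw[pos], raw[pos + 1]
        value = raw[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        result[SUBOPT_NAMES.get(code, code)] = decode_subopt(code, value)
        pos += 2 + length
    return result


def decode_subopt(code, value):
    # Layouts assumed from the debug text: CID "vlan-mod-port", RID "MAC address";
    # both carry a 1-byte type and 1-byte length before the data.
    if code == 1 and len(value) == 6 and value[:2] == b"\x00\x04":
        return {"vlan": int.from_bytes(value[2:4], "big"),
                "module": value[4], "port": value[5]}
    if code == 2 and len(value) == 8 and value[:2] == b"\x00\x06":
        h = value[2:].hex()
        return {"mac": ".".join(h[i:i + 4] for i in (0, 4, 8))}
    return {"raw": value.hex()}


if __name__ == "__main__":
    print(decode_option82(parse_dump(DUMP)))
```

The circuit-id decodes to VLAN 10, matching the ingress VLAN in the debug lines, and the remote-id is a MAC address different from the client's chaddr 001b.2ad6.4580.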




This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:51 ART