RE: DHCP snooping

From: Murphy, William (William.Murphy@uth.tmc.edu)
Date: Thu Apr 17 2008 - 01:57:24 ART


Here are a couple of things to try if you haven't done so already...

Use "ip dhcp snooping trust" on the port where the server connects and also on
the trunk port on the 3750.
In global config, do "no ip dhcp snooping information option" on both
switches.

Bill Murphy
Senior Network Analyst
University of Texas Health Science Center - Houston

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Rik Guyler
Sent: Wednesday, April 16, 2008 8:28 PM
To: ccielab@groupstudy.com
Subject: DHCP snooping

Oh man, I am starting to hate DHCP snooping.

I've been working on this for too long but just can't get it to work. I've
scrubbed the archives, tried the tips I found there, scrubbed the Internet
and CCO too, no go so far.

I have a lab router as my DHCP server and 2 other routers as my clients
(could that be the issue?). The server and one client are connected into a
3560 on vlan 10 and the other client is connected to a 3750 on vlan 20,
which is being trunked over to the 3560. The vlan10 and 20 SVIs are on the
3560 with a helper address pointed to the DHCP server on the vlan20
interface. I just cannot get this to work with DHCP snooping turned on.
The clients pull addresses for their respective vlans perfectly with it
disabled but as soon as I turn on snooping DHCP just grinds to a halt.

Can anybody toss a bone my way? I don't have much hair left to keep pulling
out over this. ;-)

Here's the "debug ip dhcp packet" output:

*Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/3 for pak. Was Vl10
*Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl10 for pak. Was Fa0/3
*Mar 1 05:21:44.375: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Fa0/3 for pak. Was Vl10
*Mar 1 05:21:44.375: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/3)
*Mar 1 05:21:44.375: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Fa0/3, MAC da: ffff.ffff.ffff, MAC sa: 001b.2ad6.4580, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 001b.2ad6.4580
*Mar 1 05:21:44.375: DHCP_SNOOPING: add relay information option.
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: Encoding opt82 CID in vlan-mod-port format
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
*Mar 1 05:21:44.375: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x5 0x2 0x8 0x0 0x6 0x0 0x1B 0x8F 0x7B 0x85 0x80
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (10)
*Mar 1 05:21:44.375: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan10.

The DHCP snooping config is the same on both switches:

ip dhcp relay information trust-all
!
ip dhcp snooping vlan 10,20
ip dhcp snooping

Here are the interface configs:

Server:
interface FastEthernet0/1
 switchport access vlan 10
 ip dhcp snooping trust

Clients:
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast

interface GigabitEthernet1/0/4
 switchport access vlan 20
 spanning-tree portfast

Trunks:

interface FastEthernet0/13
 switchport mode dynamic desirable
 ip dhcp relay information trusted

Thanks

--
Rik
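
Added example, not part of either message above: a decoder for the "binary dump of relay info option" line in the debug output, using the two layouts the trace names (circuit ID in vlan-mod-port format, remote ID in MAC address format). The function names are hypothetical; the last check flags the combination seen in the trace, option 82 present while giaddr is 0.0.0.0, which is what the "ip dhcp relay information trust-all" and "no ip dhcp snooping information option" commands on this page both address.

```python
# Added example: decode the relay-information (option 82) dump from the debug output.
# DUMP is copied from the "binary dump of relay info option" line on this page.
DUMP = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x5 0x2 0x8 0x0 0x6 "
        "0x0 0x1B 0x8F 0x7B 0x85 0x80")

def parse_dump(text):
    """Turn the space-separated 0x.. tokens of the debug line into bytes."""
    return bytes(int(tok, 16) for tok in text.split())

def cisco_mac(raw):
    """Format 6 bytes the way IOS prints MAC addresses (xxxx.xxxx.xxxx)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def decode_option82(data):
    """Walk the sub-options of option 82 and decode the two formats in the trace."""
    if len(data) < 2 or data[0] != 82:
        raise ValueError("not a relay agent information option")
    if data[1] != len(data) - 2:
        raise ValueError("option length does not match payload")
    out, i, body = {}, 0, data[2:]
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated sub-option header")
        sub, ln = body[i], body[i + 1]
        val = body[i + 2:i + 2 + ln]
        if len(val) != ln:
            raise ValueError("truncated sub-option %d" % sub)
        if sub == 1 and ln == 6 and val[:2] == b"\x00\x04":
            # circuit ID: type 0, length 4, then VLAN (2 bytes), module, port
            out["circuit_id"] = {"vlan": int.from_bytes(val[2:4], "big"),
                                 "module": val[4], "port": val[5]}
        elif sub == 2 and ln == 8 and val[:2] == b"\x00\x06":
            # remote ID: type 0, length 6, then the inserting switch's MAC
            out["remote_id"] = cisco_mac(val[2:])
        else:
            out["sub%d" % sub] = val.hex()  # unknown layout: keep raw hex
        i += 2 + ln
    return out

def inserted_without_relay(giaddr, opt82):
    """True when option 82 is present but no relay agent has set giaddr."""
    return bool(opt82) and giaddr == "0.0.0.0"

if __name__ == "__main__":
    info = decode_option82(parse_dump(DUMP))
    print(info, inserted_without_relay("0.0.0.0", info))
```

The decoded remote ID differs from the client's chaddr in the DHCPDISCOVER line, which shows the option was written by the switch and not by the client.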
