DAI help from Ben Hughes on 2012-01-28 (Ccielab archives 01/2012)

From: Ben Hughes <bhughes_at_imc.net.au>
Date: Sat, 28 Jan 2012 07:05:06 +0000

Hi guys,

Can anyone help me with where I'm going wrong regarding DAI? I have the following setup:

R1 <-> Cat2 <-> Cat1 <-> R2

R1 is a DHCP server and R2 is a DHCP client.

I have configured the following on both switches:

ip dhcp snoop vlan 12
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcpsnoo
ip dhcp snoop
ip arp insp vlan 12
ip arp insp validate src-mac dest-mac ip

R1's port and interswitch trunks on Cat1 have
ip dhcp snoop trust

On Cat2 I have the following for R1:
arp access-list VL12
permit ip host <R1IP> mac host <R1mac> log
ip arp inspection filter VL12 vlan 12

I can't work out why ARP is still not working. R2 gets an address fine. If I disable ARP inspection on Cat1 everything starts to work. Given that the interswitch trunks have "ip arp inspect trust" and Cat1 has a DHCP snoop binding for R2 I can't see why this doesnt work.

Anyone got any ideas for me?

cheers,
Ben.

Blogs and organic groups at http://www.ccie.net
Received on Sat Jan 28 2012 - 07:05:06 ART

This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:52 ART