
Re: DHCP-Snooping HP2626 (H_10_50)

 
dencom
New Member

DHCP-Snooping HP2626 (H_10_50)

Hello all,

We want to use DHCP-Snooping in our network. We are currently testing and see this message in the debug details:
dsnp bootreply 001a4ba44ad7 drop: outbound port unknown

What have we forgotten to set up properly? We have added one authorized server.

cenk sasmaztin
Honored Contributor

Re: DHCP-Snooping HP2626 (H_10_50)

Hi dencom,
you can use DHCP snooping on the 2626. You can make this
example config on your switch.

cenk



ProCurve Switch 2626# conf
ProCurve Switch 2626(config)#dhcp-snooping
ProCurve Switch 2626(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : mac

Store lease database : Not configured

Port Trust
---- -----
1 No
2 No
3 No
4 No
5 No
6 No
7 No
8 No
9 No
10 No
11 No
12 No
13 No
14 No
15 No
16 No
17 No
18 No
19 No
20 No
21 No
22 No
23 No
24 No
25 No
26 No

ProCurve Switch 2626(config)# dhcp-snooping trust 1
ProCurve Switch 2626(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : mac

Store lease database : Not configured

Port Trust
---- -----
1 Yes*****for dhcp server*****
2 No
3 No
4 No
5 No
6 No
7 No
8 No
9 No

ProCurve Switch 2626(config)# dhcp-snooping authorized-server 100.100.100.80
ProCurve Switch 2626(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : Yes
Option 82 remote-id : mac

Store lease database : Not configured

Authorized Servers
------------------
100.100.100.80


Port Trust
---- -----
1 Yes
2 No
3 No
4 No
5 No
6 No
7 No
8 No
9 No
10 No
11 No
12 No
13 No
14 No
15 No
16 No
17 No
18 No
19 No
20 No
21 No
22 No
23 No
24 No
25 No
26 No


ProCurve Switch 2626(config)#
cenk

dencom
New Member

Re: DHCP-Snooping HP2626 (H_10_50)

Cenk,

Thanks for your response. I think I have this config set up the way you have suggested. But what does the response that I see in my debug mean? "dsnp bootreply 001a4ba44ad7 drop: outbound port unknown" The MAC address mentioned is in fact my authorised server.
cenk sasmaztin
Honored Contributor

Re: DHCP-Snooping HP2626 (H_10_50)

Hi,
please send me the output of the sh tech command.
cenk

dencom
New Member

Re: DHCP-Snooping HP2626 (H_10_50)

See attachment.
cenk sasmaztin
Honored Contributor

Re: DHCP-Snooping HP2626 (H_10_50)

Please check the other 2626 switch on int 25.

Have you made the dhcp-snooping config on the other 2626 switch?

You must configure it on the other 2626 switch:

dhcp-snooping enable
dhcp authorized server same ip
and all ports untrusted; only the uplink port must be a trusted port

On the switch's int 25 I see many DHCP snooping warning logs for another unauthorized DHCP server address (on the other 2626 switch).
The malicious DHCP server MAC address is 001a4ba44ad7; this device is an ADSL modem or wireless access point.

Please check and make the DHCP snooping config on the other switch.

cenk
cenk

dencom
New Member

Re: DHCP-Snooping HP2626 (H_10_50)

Hey Cenk,

I've tried this week to activate DHCP snooping on other switches as well (3 times 2626). I have trusted ports 25,26 and added the authorised server in all switches, deactivated option 82 and verify mac.

So far I have come to the conclusion that DHCP snooping works fine in the first switch. Clients connected to the second and third switch still don't get DHCP responses. Any idea what's going wrong?

Thanks again for your response!
Arnoud
cenk sasmaztin
Honored Contributor

Re: DHCP-Snooping HP2626 (H_10_50)

Hi dencom, all uplink ports must be trusted ports.

Please check:

Trusted ports:
authorized server and uplink ports (between switches)

Untrusted ports: all PCs

cenk
cenk

dencom
New Member

Re: DHCP-Snooping HP2626 (H_10_50)

Just to let you know that we had contact with HP as well. They replied that all our settings were OK, but that you should reboot the switch when you have enabled DHCP-Snooping. 'It needs to be rebooted for the authorized server to be added to table'

Thanks for your responses!

Arnoud
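
Added example, not part of the original thread and not HP code: a Python check that parses sh dhcp-snooping output in the format posted above and reports the points raised in the replies (authorized server listed, uplink ports trusted), plus whether the Enabled Vlans field is empty. The sample output, the choice of ports 25 and 26 as uplinks, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the "sh dhcp-snooping" format shown in this thread,
# shortened to three ports; ports 25 and 26 are assumed to be the uplinks.
SAMPLE = """DHCP Snooping Information
DHCP Snooping : Yes
Enabled Vlans :

Authorized Servers
------------------
100.100.100.80

Port Trust
---- -----
1 No
25 Yes
26 No
"""

def parse(text):
    """Split the output into header settings, authorized servers and port trust."""
    info, section = {"settings": {}, "servers": [], "trust": {}}, "settings"
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Authorized Servers"):
            section = "servers"
        elif line.startswith("Port Trust"):
            section = "trust"
        elif section == "settings" and (m := re.fullmatch(r"(.+?)\s*:\s*(.*)", line)):
            info["settings"][m.group(1)] = m.group(2)
        elif section == "servers" and re.fullmatch(r"\d+(\.\d+){3}", line):
            info["servers"].append(line)
        elif section == "trust" and (m := re.fullmatch(r"(\d+)\s+(Yes|No)\b.*", line)):
            info["trust"][int(m.group(1))] = m.group(2) == "Yes"
    return info

def audit(text, uplinks, server):
    """Return findings for one switch; uplinks and server come from the operator."""
    info, findings = parse(text), []
    if info["settings"].get("DHCP Snooping") != "Yes":
        findings.append("DHCP snooping is not enabled")
    if not info["settings"].get("Enabled Vlans"):
        findings.append("Enabled Vlans is empty")
    if server not in info["servers"]:
        findings.append(f"authorized server {server} not listed")
    findings += [f"uplink port {p} is not trusted" for p in uplinks
                 if not info["trust"].get(p)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, [25, 26], "100.100.100.80")))
```

Run it against the saved output of each switch in the chain, passing that switch's own uplink ports, so that a missing trust setting on any hop shows up before clients lose DHCP replies.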