- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: DHCP-Snooping Problem on HP5412zl with DHCP-Re...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-14-2009 03:59 AM
тАО10-14-2009 03:59 AM
Everything works fine except one thing:
When a client should use a adress from the Reservation Pool deployed by the DHCP-Server, it can take up to 20 Minutes until the client gets it┬┤s adress from that pool.
After turning off the dhcp-snooping - the same client gets its adress (from the Reservation Pool) quickly.
This behaviour occurs only by DHCP Reservation Addresses - all other Adresses works fine.
So is there a problem with "snooping" ?
Thank you for your help.
ulli
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-14-2009 05:35 AM
тАО10-14-2009 05:35 AM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
Any errors in logs? Try tcpdump to look at what's going on on the wire.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2009 12:05 AM
тАО10-15-2009 12:05 AM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
check (and post) output from "show dhcp-snooping" and "show dhcp-snooping stats".
maybe this gives some clue.
page 11-5 and -6 from the "access and security guide" say default option-82 is added when dhcp-snooping is configured.
page 11-9 tells more about this option.
It also has a remark about requests where option-82 is allredy present (edge switch with dhcp-snooping enabled).
Check behaviour when this option is off.
You can also configure the port connected to the DHCP-server as "trusted". So the switch knows DHCP-server packets from this port are legal.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2009 12:58 AM
тАО10-15-2009 12:58 AM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
Please have a look at the attachment - where you can find the config.
On the client i have entered ipconifg / release Command - and after a while ipconfig / renew to cause the client to renew its IP-address. The next lines in the Syslog server gives a NACK for the client requests - for 12 Minutes.
After that time - the client gets its ipAdress - but i don├В┬┤t know why this happens.... This behaviour is strange...
As you wrote, i have switched off the Option 82 - but nothing changed.
I m not sure, did i have something forgotten ?
ulli
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2009 01:38 AM
тАО10-15-2009 01:38 AM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
Oct 15 10:25:28 10.99.3.125 DSNP: DSNP mIpPktRecv:DHCP NACK for 000B5D-2A26A9 received
Oct 15 10:25:10 10.99.3.125 DSNP: DSNP mIpPktRecv:BOOTREQUEST 000B5D-2A26A9 allow: output port 21 trusted <- IPCONFIG / RENEW
I read this as :
- the client with mac-address 000B5D-2A26A9 sends a DHCP-address
- the request is forwarded to "trusted" port 21
- the server at this port responds with a nack
- subsequent requests are not forwarded anymore to port-21 but only to other trusted ports in vlan-99
do you have multiple dhcp-servers?
if so do they have the same reservations?
what's connected to port-21?
Is this also vlan-99?
if not, what vlan is the dhcp-server connected and more detail about vlan's/subnets/ ip-helpers, dhcp-scopes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2009 09:29 PM
тАО10-15-2009 09:29 PM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
thanks for your answer.
We have only one DHCP Server on trustetd Port 21 which is the uplink in the backbone. The vlan-99 is tagged on Port 21 - where the clients are untagged in VLAN 99.
The DHCP Server is located in the Default VLAN - therefore we have the ip helper address in the Vlan 99 configuration on all 20 Campus Switches. Can this be the reason ? Too much ip-helpers ?
Normaly, whitout dhcp-snooping enabled, everything works fine. The client get its ip-adress - and it makes no difference if the adress is from the reservation pool - or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2009 10:26 PM
тАО10-15-2009 10:26 PM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
>>>Too much ip-helpers ? <<<
the ip-helper only needs to be configured on the device that does the routing for vlan-99/subnet to the subnet where the dhcp-server is
As the dhcp-request is a broadcast, probably all current-ip-helpers (edge switches) try to help :-D but fail to do so resulting in all the NACK's :-(
As the client gets so many nacks it probably misses the offer from the real dhcp server.
unless this is one of the first responses.
So what is the default-gateway for the vlan-99 subnet?
There you must configure the ip-helper.
This could be in the backbone, not the edge.
If other edge switches service other vlan's, then the router for each vlan needs it's own ip helper config.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2009 10:32 PM
тАО10-15-2009 10:32 PM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
As the NACKs come from the same port (uplink)
for both the other edge switches as where the dhcp-offer should come from, DHCP-snooping cannot distinguish between the response from the dhcp-server and those fromm the other "helpers".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2009 12:25 AM
тАО10-16-2009 12:25 AM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
At our Campus, there are 30 Edge Devices (Switches) and everyone of them has had the ip helper in VLAN 99 enabled.
As your wrote, i removed them all - only at the Core Device there is the ip helper enabled.
So now, the only one ip helper in VLAN 99 is located in the Core Device.
Now, it seems to be working !!! But we will make further tests, to be sure about the solution.
I will give you a feedback at Monday.
Thank you for your assistance.
ulli
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-19-2009 05:34 AM
тАО10-19-2009 05:34 AM
Re: DHCP-Snooping Problem on HP5412zl with DHCP-Reservations
Everything works fine - even with the reservations!
So we are happy, that the "snooping" works fine.
Thank you - for helping us to solve our problem.
Ulli