HPE Community
Aruba & ProVision-based
1753302 Members
6753 Online
108792 Solutions
New Discussion

Re: [DHCP-Snooping] 2910al-48G

 
toto174
Occasional Contributor

‎10-13-2014 07:31 AM - last edited on ‎10-13-2014 06:59 PM by

‎10-13-2014 07:31 AM - last edited on ‎10-13-2014 06:59 PM by

[DHCP-Snooping] 2910al-48G

Hi,

 

I've got some trouble to put dhcp-snooping with multi-vlan :

On a Procurv HP2910-al -G48, with :

- Software revision : W.15.14.0007

- ROM Version : W.14.06

 

The output from : show dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled VLANs : 3 31 70
Verify MAC address : Yes
Option 82 untrusted policy : drop
Option 82 insertion : Yes
Option 82 remote-id : mac
Store lease database : Not configured

Authorized Servers
------------------
172.20.180.104

Max Current Bindings
Port Trust Bindings Static Dynamic
----- ----- -------- ----------------
2 No - - 1
4 No - - 1
Trk1 Yes - - -

 

[snip]

dhcp-snooping
dhcp-snooping authorized-server 172.20.180.104

dhcp-snooping vlan 3 31 70

trunk 47-48 trk1 trunk

interface Trk1
  dhcp-snooping trust
exit

[snip]

 

Without dhcp-snooping, it works fine : i've get an ip address from the good subnet.

With dhcp-snooping enabled, in some subnet, i can get an ip address, but never from vlan 70.

 

I've enabled "debug" :

debug destination session
debug security dhcp-snooping

 

and i got thiese messages :

 

0000:05:29:18.14 DSNP mIpPktRecv:DHCP INFORM: port Trk1, vid 3, from
F4CE46-xxxx, allow: broadcast on trusted input port to trusted output
ports.
0000:05:29:18.93 DSNP mIpPktRecv:DHCP INFORM: port Trk1, vid 3, from
1458D0-xxxx, allow: broadcast on trusted input port to trusted output
ports.
0000:05:29:19.31 DSNP mIpPktRecv:DHCP DISCOVER: port 12, vid 70, from
68B599-xxxx requested: 172.20.3.104, allow: broadcast on untrusted input
port to trusted output ports.

 

vlan 3 : 172.20.3.0/24

vlan 31 : 172.20.31.0/24

vlan 70 : 172.20.70.0/24

 

So, from the port 12, i should get an ip address on the subnet : 172.20.70.0/24.

But the i can't get anything.

 

If i passed that port to another vlan (3,31), it's ok.

 

So, why could i not get an ip from the dhcp server on the vlan 70 when dhcp-snooping enabled ?

 

Thank you in advance for your help.

 

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. -HP Forum Moderator

 

 

 

 

 

0 Kudos
2 REPLIES 2
toto174
Occasional Contributor

‎10-13-2014 07:34 AM

‎10-13-2014 07:34 AM

Re: [DHCP-Snooping] 2910al-48G


Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
12 Untagged Learn Up
Trk1 Tagged Learn Up

 

 

0 Kudos
sheikmohameds
Frequent Visitor

‎12-02-2015 10:06 PM

‎12-02-2015 10:06 PM

Re: [DHCP-Snooping] 2910al-48G

Anyone Resolve this issue ..I also faced on same concept which is am using smb model switch 5406 zl2  ??

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.