HPE Community
Aruba & ProVision-based
1752805 Members
5761 Online
108789 Solutions
New Discussion юеВ

Re: DHCP snooping issue (2650)

 
SOLVED
Go to solution
GordonS
New Member

тАО04-24-2008 02:44 PM

тАО04-24-2008 02:44 PM

DHCP snooping issue (2650)

Hey,

I set up DHCP snooping with no other problems using the default configuration:

dhcp-snooping
interface 50
dhcp-snooping trust
exit

Things work as I expect on the untrusted ports (clients can obtain leases, but cannot serve). My problem is that I need to have the switch obtain its own management IP address(es) using DHCP, which doesn't seem to work. With no changes whatsoever to the configuration except for disabling DHCP snooping, this works perfectly. When I turn on DHCP snooping, the DHCP server receives the DHCPDISCOVER from the switch, and returns a DHCPOFFER. At that point I can see the traffic at another point on the network, but it seems to be dropped by the switch. show dhcp-snooping stats shows no drops due to DHCP snooping, and even with all "debug dhcp-snooping" logging options on, nothing is logged. As soon as I disable DHCP snooping again, the switch is able to get a lease once more.

I'm using release H.10.50.

If you think it would help, I can attach the rest of my configuration, or preferably just the relevant portions.

Thank you for your time!
0 Kudos
6 REPLIES 6
cenk sasmaztin
Honored Contributor

тАО04-25-2008 08:40 AM

тАО04-25-2008 08:40 AM

Re: DHCP snooping issue (2650)

hi
if you wandt make dhcp snooping config

1-you create management vlan and all vlan ip address static

2-you make dhcp server and all uplink port trus all other port untrust.

good luck
cenk

GordonS
New Member

тАО04-25-2008 09:11 AM

тАО04-25-2008 09:11 AM

Re: DHCP snooping issue (2650)

Thank you for the response.

Am I correct in assuming, based on what you said, that it is not possible to use DHCP to obtain IP addresses for the management interface while DHCP snooping is enabled?

We are going to be using static assignment for management of the switches soon, but I'd appreciate clarification if anyone has any.

Thanks again!
0 Kudos
Joel Belizario
Trusted Contributor

тАО04-25-2008 02:23 PM

тАО04-25-2008 02:23 PM

Re: DHCP snooping issue (2650)

I had a quick look through the documentation and couldn't find anything definitive on whether DHCP snooping can or cannot be used in conjunction with a DHCP obtained address for the switch.

In my mind, I would think that you would require a static address for this feature to function.

If you haven't already have a look at page 80 onwards that has a good overview of DHCP snooping that is implemented on the 2600 series.

http://cdn.procurve.com/training/Manuals/2600-RelNotes-h1050-59906003.pdf

Cheers,
Joel
0 Kudos
Roar Pettersen_1
Advisor

тАО04-30-2008 01:55 AM

тАО04-30-2008 01:55 AM

Solution

Re: DHCP snooping issue (2650)

Hi !

We had a odd problem with dhcp-snooping
and "option 82"

Solution was this command :

no dhcp-relay

cenk sasmaztin
Honored Contributor

тАО04-30-2008 11:04 PM

тАО04-30-2008 11:04 PM

Re: DHCP snooping issue (2650)

hi GordonS

you create dhcp snooping config.
if your dhcp server with client in same subnet you make option 82 disable

2510-24(config)# no dhcp-snooping option 82
2510-24(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : No

Store lease database : Not configured

Port Trust
---- -----
1 No
2 No
3 No
4 No
5 No
6 No
7 No
8 No
9 No
10 No
-- MORE --, next page: Space, next line: Enter, quit: Control-C
good luck...
cenk

GordonS
New Member

тАО05-01-2008 08:42 AM

тАО05-01-2008 08:42 AM

Re: DHCP snooping issue (2650)

Thanks to everyone for the replies!

While I'm unable to get a DHCP lease for the switch for management (arguably we should be using static configuration anyway), a combination of the previous two replies (no dhcp-relay and no dhcp-snooping option 82) clears up the other issues I was having.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.