HPE Community
HPE Aruba Networking & ProVision-based
1832891 Members
2888 Online
110048 Solutions
New Discussion

Re: dhcp-snooping in action

 
TeemuL
Visitor

‎05-26-2015 03:24 AM

‎05-26-2015 03:24 AM

dhcp-snooping in action

Hey,

 

I have enabled dhcp-snooping according to common instructions. Everything is working generally fine but I have two detailed issues that made me change the configuration:

 

1) Enabled dhcp-snooping to many different networks but at least one kind of printers stopped working. They seemd to be replying to ping from same network but can no longer ping from different network. Default gateway was missing/dropped by dhcp-snooping efect some reason. This issue did not occur in any other devices (yet).  Disabling dhcp-snooping on all switches on the way to DHCP-server resolves the issue immediately.

 

- dhcp-snooping stats -command does not show ANY of "drop" packets but do shows "forward" for client and server

- sh log command does not show any entries except link down/up message. I have seen unauthorized server, different mac log entryes... to test if they do create the proper log entryes if needed by misconfiguration or other denied/drop traffic would occur.

 

Any reasons why device by DHCP addressing would (not get gateway)fail to had conversation between other networks after enabling dhcp-snooping?

 

2) One of the newtworks are behind "ip-helper" defined router. Everything in this case is working fine too, exept connection to HP wireless access point management IP wore lost during time (DHCP lease time).

 

Disabling "no dhcp-snooping option 82" solved the issue in this situation but not at the first 1) issue

 

 

Its not possible to configure dhcp-snooping for view mode only?

I do not understand why some device can stop working in this case if no drops and logs are shown of any kind.

0 Kudos
4 REPLIES 4
Vince-Whirlwind
Honored Contributor

‎05-26-2015 05:30 PM

‎05-26-2015 05:30 PM

Re: dhcp-snooping in action

Are you using Procurve or 3Com switches here?

0 Kudos
TeemuL
Visitor

‎05-26-2015 11:37 PM - edited ‎05-26-2015 11:43 PM

‎05-26-2015 11:37 PM - edited ‎05-26-2015 11:43 PM

Re: dhcp-snooping in action

Hey,

 

all are ProCurve.

 

Issue 1)

 

ProCurve new models 2620

"ProCurve HW Name: ProCurve Switch hwid:00 Date: Aug 9 2011 09:08:18 Build: 44 Version: RA.15.05.0006"

 

Cisco ASA between DHCP server configured to dhcp-relay with "set route" option

 

Issue 2)

Also ProCurve new models 2620 and older 2650.

 

HP 5406 between DHCP server configured to "ip-helper address"

 

 

0 Kudos
ibrahim_sms
Occasional Contributor

‎06-07-2015 04:02 AM

‎06-07-2015 04:02 AM

Re: dhcp-snooping in action

I once faced a somehow similar behaviour, I could obtain an IP but some other parameters were missing, it was weird but the issue as far as I remember was a misconfiguration.
Please verify that your DHCP SERVER port(s) have "dhcp-snooping trust",

Please verify that all the uplinks on the way from your DHCP SERVER to the end station are dhcp-snooping trusted as well

 

Regards,

0 Kudos
TeemuL
Visitor

‎06-09-2015 12:26 AM

‎06-09-2015 12:26 AM

Re: dhcp-snooping in action

DHCP server is not located at the "edge" switch. It is located at the datacenters core switch that do not have dhcp-snooping enabled. Therefore any configuration at that switch is not required, right?

 

All the uplinks on the way from clients to core switch are defined as trust ports of cource.

 

Defining any snooping configuration on the core switch that has no dhcp-snooping enabled is irrelevant becouse it has no effect. Anyway all the models do not support it.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.