DHCP Snooping !
MCL.Nicolas
Member Posts: 3 ■□□□□□□□□□
in CCNP
I have configured 2 cisco routers that act as DHCP Server. They work well , I'm leasing some IP with that stuff . Now for my lab , I'm using one router as DHCP ROGUE and another one as DHCP Server
they are both in the same subnet and I wanted to try the DHCP Snooping feature offered by my Cisco 3550
Here is the config of the switch :
ip dhcp snooping vlan 1
ip dhcp snooping
ip dhcp snooping information option
interface FastEthernet0/1
description ***PC THAT NEED IP ADDRESS***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0000.0000.0001
spanning-tree portfast
spanning-tree bpdufilter enable
interface FastEthernet0/47
description ***DHCP-ROGUE***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky blablabalb
spanning-tree portfast
spanning-tree bpdufilter enable
!
interface FastEthernet0/48
description ***DHCP-SERVER***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky blblabalba
spanning-tree portfast
spanning-tree bpdufilter enable
ip dhcp snooping trust
!
Switch#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
circuit-id format: vlan-mod-port
remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Rate limit (pps)
FastEthernet0/48 yes unlimited
I don't get why the fa0/1 computer cant get an IP address ....
Thanks if you can enlight me
they are both in the same subnet and I wanted to try the DHCP Snooping feature offered by my Cisco 3550
Here is the config of the switch :
ip dhcp snooping vlan 1
ip dhcp snooping
ip dhcp snooping information option
interface FastEthernet0/1
description ***PC THAT NEED IP ADDRESS***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0000.0000.0001
spanning-tree portfast
spanning-tree bpdufilter enable
interface FastEthernet0/47
description ***DHCP-ROGUE***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky blablabalb
spanning-tree portfast
spanning-tree bpdufilter enable
!
interface FastEthernet0/48
description ***DHCP-SERVER***
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky blblabalba
spanning-tree portfast
spanning-tree bpdufilter enable
ip dhcp snooping trust
!
Switch#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
DHCP snooping is operational on following VLANs:
1
DHCP snooping is configured on the following L3 Interfaces:
Insertion of option 82 is enabled
circuit-id format: vlan-mod-port
remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:
Interface Trusted Rate limit (pps)
FastEthernet0/48 yes unlimited
I don't get why the fa0/1 computer cant get an IP address ....
Thanks if you can enlight me
Comments
-
bugsy
Member Posts: 10 ■□□□□□□□□□
I had the same problem, and if I remember correctly I solved it by turning off dhcp option 82 insertion.
Router(config)#no ip dhcp snooping information option
If that don't work,try running debugs (both on the switches and the dhcp server) to see if it gives you any indication what might be wrong.