  • 1.  DHCP-Snooping error on trust port from trusted server?

    Posted Jan 10, 2020 11:30 AM

    I am receiving this error message on some of my switches that have dhcp-snooping enabled:

    W 01/13/90 22:22:40 00856 dhcp-snoop: backplane: Received untrusted relay info from client 000c29-5430bd on port 9

    The MAC address shown is the MAC of our DHCP server, and the port is the link port that is trusted.

     

    Here is my configuration on the user switch:
    dhcp-snooping authorized-server 192.168.0.20
    dhcp-snooping authorized-server 192.168.46.2
    dhcp-snooping authorized-server 192.168.46.3
    dhcp-snooping vlan 1 2 3 4 5

    dhcpv6-snooping
    dhcpv6-snooping vlan 1 2 3 4 5
    dhcpv6-snooping authorized-server 100::64
    interface 9
    dhcp-snooping trust
    dhcpv6-snooping trust
    exit
    interface 10
    dhcp-snooping trust
    dhcpv6-snooping trust
    exit

    DHCP Snooping Information

    DHCP Snooping : Yes
    Enabled VLANs : 1 2 3 4 5
    Verify MAC address : Yes
    Option 82 untrusted policy : drop
    Option 82 insertion : Yes
    Option 82 remote-id : mac
    Store lease database : Not configured

     

    Here is my configuration on the core switch that acts as a relay:

    dhcp-snooping
    dhcp-snooping authorized-server 192.168.0.20
    dhcp-snooping authorized-server 192.168.46.2
    dhcp-snooping authorized-server 192.168.46.3
    dhcp-snooping vlan 1 2 3 4 5
    dhcpv6-snooping
    dhcpv6-snooping vlan 1 2 3 4 5
    dhcpv6-snooping authorized-server 100::64

    interface 1-12
    dhcp-snooping trust
    exit
    interface 37-48
    dhcp-snooping trust
    dhcpv6-snooping trust

    vlan 1
    untagged 1-18
    tagged 37-48
    ip address 192.168.0.120 255.255.252.0
    exit
    vlan 2
    tagged 37-48
    ip address 192.168.1.4 255.255.254.0
    ip helper-address 192.168.0.20
    exit
    vlan 3
    untagged 25-36
    tagged 37-48
    ip address 192.168.2.4 255.255.255.0
    ip helper-address 192.168.0.20
    exit
    vlan 4
    name "Wireless"
    tagged 37-48
    ip address 192.168.3.4 255.255.254.0
    ip helper-address 192.168.0.20
    exit
    vlan 5
    untagged 19-24
    tagged 37-48
    no ip address
    ip helper-address 192.168.0.20
    exit

     

    DHCP Snooping : Yes
    Enabled VLANs : 1 2 3 4 5
    Verify MAC address : Yes
    Option 82 untrusted policy : drop
    Option 82 insertion : Yes
    Option 82 remote-id : mac
    Store lease database : Not configured

     

    I am not understanding how it could be receiving untrusted relay info from the authorized server on an authorized port. Any help would be appreciated. 



  • 2.  RE: DHCP-Snooping error on trust port from trusted server?

    Posted Jan 13, 2020 06:56 AM

    What firmware release?

    Do you have a pcap to check?

    Have you opened a case with TAC?



  • 3.  RE: DHCP-Snooping error on trust port from trusted server?

    Posted Jan 13, 2020 04:20 PM

    Thanks for the reply! Version is YA.16.06.0006. I ran a pcap and the only DHCP traffic I saw besides broadcasts was either from 192.168.0.20 or 192.168.46.2, which are both authorized servers. I haven't opened a TAC quite yet as that usually takes hours and I'd like to check here first. That will be my next step. 



  • 4.  RE: DHCP-Snooping error on trust port from trusted server?

    Posted Jan 14, 2020 05:22 AM

    @dburns865 wrote:

    Thanks for the reply! Version is YA.16.06.0006. I ran a pcap and the only DHCP traffic I saw besides broadcasts was either from 192.168.0.20 or 192.168.46.2, which are both authorized servers. I haven't opened a TAC quite yet as that usually takes hours and I'd like to check here first. That will be my next step. 


    Try to upgrade first; 16.06.0006 is very old...
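
For the capture check discussed in this thread, here is an added sketch (not from any poster and not vendor code) that parses a DHCPv4 UDP payload and reports whether it carries relay information (Option 82), together with giaddr and the client MAC formatted the way the switch log prints it. The function names and the sample packet are constructed for illustration; the payload bytes would come from whatever tool exported the capture.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                  # RFC 2131 magic cookie at offset 236
SUBOPTS = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes

def tlvs(buf, top_level=False):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == 255:        # End option
            return
        if top_level and code == 0:          # Pad option has no length byte
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        yield code, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_dhcp(payload):
    """Return the relay-related fields of one DHCPv4 message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCPv4 message")
    mac = payload[28:34].hex()
    info = {"op": payload[0], "hops": payload[3],
            "giaddr": socket.inet_ntoa(payload[24:28]),
            "chaddr": mac[:6] + "-" + mac[6:], "option82": None}
    for code, value in tlvs(payload[240:], top_level=True):
        if code == 82:                       # Relay Agent Information
            info["option82"] = {SUBOPTS.get(c, c): v.hex() for c, v in tlvs(value)}
    return info

def sample_packet():
    """Constructed BOOTREPLY (DHCPACK) carrying Option 82; not from the thread's capture."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    addrs = b"".join(socket.inet_aton(a) for a in
                     ("0.0.0.0", "192.168.1.50", "192.168.0.20", "192.168.1.4"))
    chaddr = bytes.fromhex("001122334455").ljust(16, b"\0")
    opt82 = bytes([1, 1, 9]) + bytes([2, 6]) + bytes.fromhex("aabbccddeeff")
    options = bytes([53, 1, 5, 82, len(opt82)]) + opt82 + b"\xff"
    return fixed + addrs + chaddr + bytes(192) + MAGIC + options

if __name__ == "__main__":
    print(parse_dhcp(sample_packet()))
```

Running it over each DHCP packet seen on the logged port shows which messages actually contain Option 82 and which device's remote-id they carry.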