Wired Intelligent Edge

Hey,

I set up DHCP snooping with no other problems using the default configuration:

dhcp-snooping
interface 50
dhcp-snooping trust
exit

Things work as I expect on the untrusted ports (clients can obtain leases, but cannot serve). My problem is that I need to have the switch obtain its own management IP address(es) using DHCP, which doesn't seem to work. With no changes whatsoever to the configuration except for disabling DHCP snooping, this works perfectly. When I turn on DHCP snooping, the DHCP server receives the DHCPDISCOVER from the switch, and returns a DHCPOFFER. At that point I can see the traffic at another point on the network, but it seems to be dropped by the switch. show dhcp-snooping stats shows no drops due to DHCP snooping, and even with all "debug dhcp-snooping" logging options on, nothing is logged. As soon as I disable DHCP snooping again, the switch is able to get a lease once more.

I'm using release H.10.50.

If you think it would help, I can attach the rest of my configuration, or preferably just the relevant portions.

Thank you for your time!
#DHCP

hi
if you wandt make dhcp snooping config

1-you create management vlan and all vlan ip address static

2-you make dhcp server and all uplink port trus all other port untrust.

good luck

Thank you for the response.

Am I correct in assuming, based on what you said, that it is not possible to use DHCP to obtain IP addresses for the management interface while DHCP snooping is enabled?

We are going to be using static assignment for management of the switches soon, but I'd appreciate clarification if anyone has any.

Thanks again!

I had a quick look through the documentation and couldn't find anything definitive on whether DHCP snooping can or cannot be used in conjunction with a DHCP obtained address for the switch.

In my mind, I would think that you would require a static address for this feature to function.

If you haven't already have a look at page 80 onwards that has a good overview of DHCP snooping that is implemented on the 2600 series.

http://cdn.procurve.com/training/Manuals/2600-RelNotes-h1050-59906003.pdf

Cheers,
Joel

Hi !

We had a odd problem with dhcp-snooping
and "option 82"

Solution was this command :

no dhcp-relay

hi GordonS

you create dhcp snooping config.
if your dhcp server with client in same subnet you make option 82 disable

2510-24(config)# no dhcp-snooping option 82
2510-24(config)# sh dhcp-snooping

DHCP Snooping Information

DHCP Snooping : Yes
Enabled Vlans :
Verify MAC : Yes
Option 82 untrusted policy : drop
Option 82 Insertion : No

Store lease database : Not configured

Port Trust
---- -----
1 No
2 No
3 No
4 No
5 No
6 No
7 No
8 No
9 No
10 No
-- MORE --, next page: Space, next line: Enter, quit: Control-C
good luck...

Thanks to everyone for the replies!

While I'm unable to get a DHCP lease for the switch for management (arguably we should be using static configuration anyway), a combination of the previous two replies (no dhcp-relay and no dhcp-snooping option 82) clears up the other issues I was having.