IOS 15.0(2)SE5 DHCP Snooping Problem

I have just upgraded a single production switch from IOS 12.2(50)SE1 to 15.0(2)SE5 to test out new IPv6 security features that we will soon require for our deployment. Upon booting into the newer IOS the DHCP snooping feature stopped working; this caused ARP inspection to start dropping traffic, so we had to disable it. After going through the normal troubleshooting procedures (check config, reboot, re-apply config, check clients, renew IP address, etc.) it still is not working.
Has anyone else experienced this problem or anything similar?
I would be interested to hear from people on recent experiences when upgrading software, as we have been having a bad time recently with Cisco software across a range of products.

Aurelien
I just tested this on a 2960-S running SE5 with no issues.
2960-1#debug ip dhcp snooping packet
DHCP Snooping Packet debugging is on
2960-1#
Mar 30 01:30:23.963: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak.  Was Vl1
Mar 30 01:30:23.963: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak.  Was Po1
Mar 30 01:30:23.963: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak.  Was Vl1
Mar 30 01:30:23.963: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel1)
Mar 30 01:30:23.968: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 3037.a696.3640, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:23.968: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (1)
Mar 30 01:30:23.968: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan1.
Mar 30 01:30:25.976: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak.  Was Vl1
Mar 30 01:30:25.976: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak.  Was Gi0/24
Mar 30 01:30:25.976: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak.  Was Vl1
Mar 30 01:30:25.976: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/24)
Mar 30 01:30:25.976: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi0/24, MAC da: ffff.ffff.ffff, MAC sa: 001c.0e86.6f4a, IP da: 255.255.255.255, IP sa: 172.16.156.33, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.16.156.47, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:25.981: DHCP_SNOOPING: direct forward dhcp replyto output port: Port-channel1.
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak.  Was Vl1
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak.  Was Po1
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak.  Was Vl1
Mar 30 01:30:25.987: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel1)
Mar 30 01:30:25.987: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 3037.a696.3640, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:25.987: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (1)
Mar 30 01:30:25.987: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan1.
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak.  Was Vl1
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak.  Was Gi0/24
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak.  Was Vl1
Mar 30 01:30:25.987: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/24)
Mar 30 01:30:25.992: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Gi0/24, MAC da: ffff.ffff.ffff, MAC sa: 001c.0e86.6f4a, IP da: 255.255.255.255, IP sa: 172.16.156.33, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.16.156.47, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:25.992: DHCP_SNOOPING: direct forward dhcp replyto output port: Port-channel1.
2960-1#sh ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
30:37:A6:96:36:40   172.16.156.47    86387       dhcp-snooping   1     Port-channel1
Total number of bindings: 1
2960-1#sh ver | in IOS
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
2960-1#
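As an added illustration (not code from the thread or from Cisco), the Python below replays "process new DHCP packet" debug lines in the format shown above through the two rules DHCP snooping applies: server messages (OFFER/ACK/NAK) are accepted only from trusted ports, and an ACK from a trusted port creates a binding on the port the client spoke on, which reproduces the binding row above. The sample lines are constructed from the exchange above plus one constructed DHCPOFFER on an untrusted access port (Gi0/5, 192.0.2.9); the helper names are mine.

```python
import re

# Layout of the IOS "process new DHCP packet" debug line, copied from the thread.
DEBUG_FMT = ("{ts}: DHCP_SNOOPING: process new DHCP packet, message type: {mtype}, "
             "input interface: {intf}, MAC da: ffff.ffff.ffff, MAC sa: {macsa}, "
             "IP da: 255.255.255.255, IP sa: {ipsa}, DHCP ciaddr: 0.0.0.0, "
             "DHCP yiaddr: {yiaddr}, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, "
             "DHCP chaddr: {chaddr}")
PROCESS_RE = re.compile(
    r"DHCP_SNOOPING: process new DHCP packet, message type: (?P<mtype>\w+), "
    r"input interface: (?P<intf>[^,]+), .*?IP sa: (?P<ipsa>[^,]+), "
    r".*?DHCP yiaddr: (?P<yiaddr>[^,]+), .*?DHCP chaddr: (?P<chaddr>[0-9a-f.]+)")
SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}   # legitimate only from trusted ports
LONG_NAMES = {"Po": "Port-channel", "Gi": "GigabitEthernet", "Fa": "FastEthernet"}

# Constructed sample: the four-packet exchange seen on the 2960-S above, plus one
# constructed DHCPOFFER arriving on an access port (Gi0/5) that is NOT trusted.
CLIENT, SERVER, OTHER = "3037.a696.3640", "001c.0e86.6f4a", "0011.2233.4455"
SAMPLE = [
    DEBUG_FMT.format(ts="Mar 30 01:30:23.968", mtype="DHCPDISCOVER", intf="Po1",
                     macsa=CLIENT, ipsa="0.0.0.0", yiaddr="0.0.0.0", chaddr=CLIENT),
    DEBUG_FMT.format(ts="Mar 30 01:30:25.976", mtype="DHCPOFFER", intf="Gi0/24",
                     macsa=SERVER, ipsa="172.16.156.33", yiaddr="172.16.156.47", chaddr=CLIENT),
    DEBUG_FMT.format(ts="Mar 30 01:30:25.987", mtype="DHCPREQUEST", intf="Po1",
                     macsa=CLIENT, ipsa="0.0.0.0", yiaddr="0.0.0.0", chaddr=CLIENT),
    DEBUG_FMT.format(ts="Mar 30 01:30:25.992", mtype="DHCPACK", intf="Gi0/24",
                     macsa=SERVER, ipsa="172.16.156.33", yiaddr="172.16.156.47", chaddr=CLIENT),
    DEBUG_FMT.format(ts="Mar 30 01:31:10.120", mtype="DHCPOFFER", intf="Gi0/5",
                     macsa=OTHER, ipsa="192.0.2.9", yiaddr="192.0.2.50", chaddr=CLIENT),
]

def long_name(short):
    """Po1 -> Port-channel1, as 'show ip dhcp snooping binding' prints it."""
    m = re.match(r"([A-Za-z]+)(.*)", short)
    return LONG_NAMES.get(m.group(1), m.group(1)) + m.group(2)

def cisco_mac(dotted):
    """3037.a696.3640 -> 30:37:A6:96:36:40 (binding-table notation)."""
    hexs = dotted.replace(".", "").upper()
    return ":".join(hexs[i:i + 2] for i in range(0, 12, 2))

def snoop(lines, trusted, vlan=1):
    """Replay debug lines through the snooping rules. Returns (bindings, dropped):
    bindings keyed by MAC like the binding table, dropped = server messages seen
    on untrusted ports (which the switch discards)."""
    client_port, bindings, dropped = {}, {}, []
    for line in lines:
        m = PROCESS_RE.search(line)
        if not m:
            continue
        mtype, intf, chaddr = m["mtype"], m["intf"], m["chaddr"]
        if mtype not in SERVER_MSGS:
            client_port[chaddr] = intf          # client-side message, any port
        elif intf not in trusted:
            dropped.append((mtype, long_name(intf), m["ipsa"]))
        elif mtype == "DHCPACK" and chaddr in client_port:
            bindings[cisco_mac(chaddr)] = {"ip": m["yiaddr"], "vlan": vlan,
                                           "interface": long_name(client_port[chaddr])}
    return bindings, dropped
```

Running `snoop(SAMPLE, trusted=set())` shows the failure mode of the "LAN was down" thread below: with no trusted port even the real server's OFFER and ACK are dropped and no binding is ever created.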

Similar Messages

  • Can I use DHCP snooping and IOS DHCP server on the same switch stack

    Hello,
    I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
    There is no separate core/server farm switch, so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
    For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
    Will this work? When I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
    I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, and is this even possible?
    Unfortunately I do not have access to a layer 3 switch to test this at the moment.
    Thanks

    Nope.  That's the issue.
    They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network.  At least that is what it looks like to me.  Anyone have another take on it?  Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

  • C2950 IOS for DHCP Snooping and DAI

    Hi all,
    Does anyone know what image I would need for my 2950 to enable DHCP snooping and DAI features (just for lab purposes)?
    Or are these features only available on the bigger modular switches (4500 and 6500)?
    >sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA8a, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2006 by cisco Systems, Inc.
    Compiled Fri 28-Jul-06 15:16 by weiliu
    Image text-base: 0x80010000, data-base: 0x8056A000
    Switch(config)#ip dhcp snooping ?
      information  DHCP Snooping information
      vlan         DHCP Snooping vlan
      <cr>
    Switch(config)#ip arp ?
    % Unrecognized command

    Hi Alain,
    Thanks for this info! I've read you're CCNA Security.
    Just curious, are you gonna write your CCNP Security soon?
    Could you recommend a good lab switch for SECURE?
    Sent from Cisco Technical Support iPad App

  • Illegal dhcp (DHCP Snooping )

    Hi,
    In my network, where there is a DHCP server (I use DHCP relay on my layer 3 switch),
    often someone connects a PC with a DHCP service active, and this produces a problem.
    I read on cisco.com and found the documentation about how to fix this problem.
    DHCP Snooping is the solution.
    The release on my Cisco 6509 with MSFC2 does not support this feature.
    What do you think about it?
    Do you have a link with an example of alternative methods?
    Thanks
    FC

    My versions are:
    IOS (tm) MSFC2 Software (C6MSFC2-JSV-M), Version 12.1(11b)E4
    in CatOS
    WS-C6509 Software, Version NmpSW: 7.6(8)
    Step 1. (Permit DHCP responses from host 1.2.3.4): "set security acl ip SERVER permit udp host 1.2.3.4 any eq 68"
    Step 2. (Deny DHCP responses from any other host): "set security acl ip SERVER deny udp any any eq 68"
    Step 3. (Permit other IP traffic): "set security acl ip SERVER permit any any"
    Step 4. (Commit the VACL): "commit security acl SERVER"
    Step 5. (Map the VACL to VLAN 10, for example): "set security acl map SERVER 10"
    What do you think about my configuration?
    Thanks
    FC
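    As an added worked example (my code, not from the post or from Cisco), the Python below models the three VACL entries above with first-match semantics and evaluates constructed sample traffic on the VLAN: a DHCPOFFER from the stated server 1.2.3.4, a DHCPOFFER from another host, a client DHCPDISCOVER and ordinary TCP. It also shows why the order of Step 1 and Step 2 matters; the packet fields and the 10.0.0.x addresses are constructed.

```python
from ipaddress import ip_address, ip_network

# The three VACL entries from the post, in the order they were committed.
# VACL matching is first-match with an implicit deny at the end, which is why
# Step 3 is needed. Server address 1.2.3.4 is the one used in the post.
VACL_SERVER = [
    ("permit", "udp", "1.2.3.4/32", "0.0.0.0/0", 68),   # Step 1: responses from the server
    ("deny",   "udp", "0.0.0.0/0",  "0.0.0.0/0", 68),   # Step 2: responses from anyone else
    ("permit", "ip",  "0.0.0.0/0",  "0.0.0.0/0", None), # Step 3: everything else
]

def ace_matches(ace, pkt):
    """One access-control entry: protocol, source, destination, UDP dst port."""
    _action, proto, src, dst, dport = ace
    if proto != "ip" and pkt["proto"] != proto:
        return False
    if ip_address(pkt["src"]) not in ip_network(src):
        return False
    if ip_address(pkt["dst"]) not in ip_network(dst):
        return False
    return dport is None or pkt.get("dport") == dport

def vacl_action(acl, pkt):
    """First matching entry decides; no match means implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace[0]
    return "deny"

# Constructed sample traffic as it would be seen on the VLAN the VACL is mapped to.
SAMPLE = {
    "server_offer": {"proto": "udp", "src": "1.2.3.4",  "dst": "255.255.255.255", "dport": 68},
    "other_offer":  {"proto": "udp", "src": "10.0.0.7", "dst": "255.255.255.255", "dport": 68},
    "discover":     {"proto": "udp", "src": "0.0.0.0",  "dst": "255.255.255.255", "dport": 67},
    "web":          {"proto": "tcp", "src": "10.0.0.5", "dst": "10.0.0.9",        "dport": 80},
}

def evaluate(acl=VACL_SERVER, traffic=SAMPLE):
    """Map each sample packet name to the action the VACL takes on it."""
    return {name: vacl_action(acl, pkt) for name, pkt in traffic.items()}

# Same entries with Step 1 and Step 2 swapped: the deny now shadows the permit.
VACL_SWAPPED = [VACL_SERVER[1], VACL_SERVER[0], VACL_SERVER[2]]
```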

  • IP DHCP snooping, IP source Guard, and DIA

    Hi All,
    I have configured DHCP snooping, IP source guard and dynamic ARP inspection on my 3560 and 3750 network switches,
    and on both of them I'm facing this issue: the printers and access points are configured to get IP addresses via DHCP, but when the lease time expires they don't get IP addresses and become unreachable,
    while all other clients get their IP addresses normally.
    Below you can find the configuration:
    ip dhcp snooping vlan 98,105,111
    no ip dhcp snooping information option
    ip dhcp snooping database flash:dhcpsnooping
    ip dhcp snooping database write-delay 15
    ip dhcp snooping
    ip arp inspection vlan 98,105,111
    ip verify trust on all access ports including printers and access point ports
    all access ports are DHCP snooping untrusted
    Also, when I create a static DHCP snooping binding record for these devices on the switch it resolves the issue, but when I reload the switch it's removed automatically.
    Any resolution will be much appreciated.
    Regards,
    Maher

    Check the following links for configuration of DHCP snooping:
    http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

  • DHCP snooping on SUP2 / MSFC2

    The question is: is there such a thing? The bits and pieces of info I've found kind of contradict each other (some say it's been there since IOS SXE, some say it's not supported at all). The fact is, we have a 6509 in our network running s222-adventerprisek9_wan-mz.122-18.SXF17a.bin on which "ip dhcp snooping" doesn't seem to be available, either in global or interface config mode...
    Thank you.

    Hi,
    Looking at the configuration guide for your IOS version:
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SXF/native/configuration/guide/swcg/snoodhcp.html
    You need a PFC3 to support ip dhcp snooping.
    Configuring DHCP Snooping
    This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on Catalyst 6500 series switches.
    Note: The DHCP snooping feature requires PFC3 and Release 12.2(18)SXE and later releases. The PFC2 does not support DHCP snooping.
    For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Master Command List, Release 12.2SX at this URL:
    http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html
    Regards,
    Alex.
    Please rate useful posts.

  • ME3400 dhcp snooping database restore

    Hi guys,
    NTP synchronization on the ME3400 takes around 10 minutes and I could not find a way to reduce it.
    The problem is with restoring the DHCP snooping database from flash/tftp after the switch boots up.
    The database is restored after clock synchronization, but 10 minutes is too long, as users with snooping/DAI are blocked until the snooping database is restored.
    As the ME3400 does not have a hardware clock, the option of restoring the clock after it boots up is not available.
    Has anyone had a similar problem?
    Please share any idea/proposal on how to overcome this issue.
    Many thanks,
    Grgo

    Hi Sunil, that was the last idea I had.
    The one before the last was to write on this support forum.
    So I tried everything but a reboot, which is a little bit of a strange solution.
    Thank you.

  • FS300-24s, Enable IP DHCP Snooping

    Hi everyone,
    I have 5 sites with FS300-24 and I have a big problem with DHCP.
    On the Catalyst switches it is easy to enable DHCP snooping and configure "trusted" DHCP ports.
    Is there a way to configure this on the FS300-24?
    Any help would be appreciated.
    Albert

    Hello
    1) Requires activating ip dhcp snooping and ip dhcp snooping vlan xx - Completed
    2) If applied to one switch with uplink switches, then the uplink switch will require snooping enabled also and its trunk links trusted, ONLY if the DHCP server is originating from the uplink switch. - Completed
    3) If the DHCP server is attached to the same switch as the snooping database, then just trust the interface where the server is situated - Completed
    FYI - As long as interfaces are trusted, the snooping database does nothing else.
    It listens on the untrusted ports and snoops the IPs & MACs.
    The snooping database WILL NOT be populated with existing clients;
    it will populate the next time DHCP renews.
    res
    Paul

  • LAN was down ie Users are not getting ip from DHCP server after enabling DHCP snooping

    Hi All,
    The enclosed file has the network connectivity diagram.
    1. L3 VLANs, i.e. 2, 3, 4, 5 and 6, are configured on ACC-CR1 and ACC-CR2.
    2. Trunks are configured between the core switches (CR1 and CR2) and the access switches. VTP mode is transparent on all switches. L2 VLANs are configured on all access switches.
    3. The DHCP server is located at a different location and is reachable over MPLS.
    Without enabling DHCP snooping, users connected to the access switches (Sw1, Sw2, Sw3 and Sw4) are getting IP addresses from the DHCP server without any problem and everything is working fine.
    But users connected to Sw3 and Sw4 are getting IP addresses from a rogue DHCP server which is not pingable from any of the switches.
    So we have configured DHCP snooping for all VLANs on CR1, CR2, SW3 and SW4 and "trusted uplink ports" which are connected to the WAN routers from CR1 and CR2, and also "trusted uplink ports" of Sw3 and Sw4 which are connected to CR1 and CR2.
    As soon as we enabled DHCP snooping and trusted the respective uplink ports, users are not getting IP addresses from the remote DHCP server, and even users connected to Sw1 and SW2 are facing the same issue.
    Note: DHCP snooping is not configured on SW1 and SW2.
    Why are users not getting IP addresses from the remote DHCP server as soon as we enable DHCP snooping on the core switches and the two access switches, i.e. Sw3 and Sw4? What could have caused DHCP packets to be dropped? Any idea would be appreciated.

    Hi,
    As you say: "HSRP is configured between CR1 and CR2 and VLANs are active on CR1". Does it mean there are L3 interfaces configured in each VLAN on your CR switches and an ip helper-address pointing to the remote DHCP server is configured on each of them?
    I know it's difficult in a production environment, but IMHO you need to find out where the DHCP offers are dropped.
    Either by enabling DHCP debugging or by capturing packets via Wireshark, e.g.
    Best regards,
    Milan

  • Does 3550/3560 support static dhcp snooping binding?

    Hi All,
    I'm currently studying DHCP snooping.
    I just found there is no 'ip dhcp snooping binding' syntax on the 3550/3560. Is there any way to add a static DHCP snooping entry?
    If there is no way, and the switch has ip arp inspection and ip source guard enabled, and an untrusted port is connected to an end host with a static IP address assigned, in such a situation, is it right that I have to add a static 'ip arp inspection filter' and 'ip source binding' so that the end host can send packets out?
    Thanks for any comments.
    Regards,
    Yi

    Check the following links for configuration of DHCP snooping:
    http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

  • High cpu with dhcp snooping

    Hi all,
    I am using 2950T and have configured dhcp snooping with this config:
    conf t
    ip dhcp snooping
    ip dhcp snooping vlan 416
    int range fa0/1 - 24
    ip dhcp snooping limit rate 50
    int gig0/1 (Uplink)
    ip dhcp snooping trust
    int gig0/2
    ip dhcp snooping trust (uplink)
    After this the 2950 goes up to 80% CPU and is barely accessible.
    Have I done something wrong, or will the CPU return to 20%?
    //Robert Pettersson
    senior network engineer, WetterNet

    Well,
    In the Cisco Bug Toolkit there are a couple of articles which look similar to yours.
    The first thing to check now is option 82. It is enabled by default, so it would be interesting to see what happens if you disable it.
    Otherwise it would be better if you can open a case with Cisco, because it could be that your problem depends on some other features enabled on the switch.
    //Mikhail Galiulin

  • TS1538 My iPad cannot continue to download iOS 6.1.2 because of a connection problem and it is stuck on the connect-to-iTunes image. I can't open it anymore. What should I do? Help please

    My iPad cannot continue to download iOS 6.1.2 because of a connection problem and it is stuck on the connect-to-iTunes image. I can't open it anymore. What should I do? Help please

    Connect to iTunes on the computer you usually sync with and "Restore"...
    http://support.apple.com/kb/HT1414
    If necessary Place the Device into Recovery mode...
    http://support.apple.com/kb/ht4097
    You may need to try this More than Once...
    Be sure to Follow ALL the Steps...
    But... if the Device has been Modified... this will Not necessarily work.

  • After upgrading to iOS 6.1, I experienced the following problem: I am no longer able to read the magazine I subscribed to (The New Yorker) if I don't have access to the internet. If the iPad is in Flight Mode I can't read the magazine or the books in iBooks

    After upgrading to iOS 6.1, I experienced the following problem: I am no longer able to read the magazine I subscribed to (The New Yorker) if I don't have access to the internet. If the iPad is in Flight Mode I can't read the magazine or the books in iBooks. Can you help me?

    I am having the same problem. I have a 2nd generation iPad, Wi-Fi only. All was working great until I upgraded. NONE of my downloaded magazines or RSS feeds are accessible. For the magazines, their icons show up on the "shelves", but once you click on one it won't even take you to the "issues" I have downloaded. It jumps back to the shelf page.

  • After I upgraded my iPhone iOS to 5.0.1, I got problems with connectivity. If my iPhone loses network, then it gets frozen and I cannot make calls. After a restart the telephone still does not work.

    After I upgraded my iPhone iOS to 5.0.1, I got problems with connectivity. If my iPhone loses network, then it gets frozen and I cannot make calls. After a restart the telephone still does not work.

    1. Download the iOS 5.0.1: http://www.tobias-hartmann.net/2011/11/download-ios-5-0-1-veroffentlicht-direkte -downloadlinks/
    2. Open iTunes, then click in iTunes while holding down the Shift key (on Windows) or Alt key (Mac) to restore the firmware.

  • I've iphone 3GS. ios 5.1.1 i've a problems that it turnoff itslef. when i'm trying to turn it on. it just appear apple logo then go to black . keep trying till gives me battary is empty and must charge it. once i plug in it. its open and i found the batta

    I've an iPhone 3GS, iOS 5.1.1. I've a problem that it turns itself off. When I'm trying to turn it on, it just shows the Apple logo then goes to black. I keep trying till it tells me the battery is empty and I must charge it. Once I plug it in, it opens and I find the battery at 70% for example (not empty). If anyone tries to call me, it appears to them to be turned off, but it doesn't tell them the mobile is turned off; it's ringing. Please advise.

    Basic troubleshooting from the User's Guide is reset, restart, restore (first from backup then as new).  Has any of this been tried?
