Ip dhcp snooping issue

   Hi all,
I am having trouble getting the dhcp snooping to work on a stacked 3750 when a rogue DHCP server is plugged in to the network. I have configured dhcp snooping on one of our user switches with the following commands.
ip dhcp snooping
ip dhcp snooping vlan 11
no ip dhcp snooping information option
int range fa1/0/1 - 48
ip dhcp snooping limit rate 100
VLAN Name                             Status    Ports
11   JKT_Net_DHCP_1
interface FastEthernet1/0/43
description DHCP Subnet 1
switchport access vlan 11
switchport mode access
switchport port-security maximum 3
switchport port-security aging time 1440
switchport port-security violation restrict
switchport port-security aging type inactivity
no logging event link-status
no snmp trap link-status
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 100
end
The configuration works in ther fact that users are still getting their IP address info from the DHCP server and i can see all the dhcp snooping bindings on the switch. But I'm having issues where when a rogue dhcp device is plugged in to one of the user ports i.e fa1/0/43 on the user subnet, and do an ipconfig /release /renew on a machine on the same VLAN, i am still getting a DHCPOFFER from the rogue device and the machine ends up with the wrong IP address.
Currrently the real DHCP server sits off a network behind the firewall, with a layer 3 link (running OSPF) between the user switch to the distribution switch. I have enabled the dhcp snooping on the link from the distribution switch to the real DHCP server (shown below).
DHCP snooping trusted interface
interface GigabitEthernet1/0/9
description JKTADC01 - LAC 1
switchport access vlan 21
switchport mode access
no snmp trap link-status
ip dhcp snooping trust
end
I have also attached a network diagram of the network setup.
I would like to stop the rogue server from being able to give out ip addresses.
Can someone shed some light on this topic please?
Kind regards,
Philip

Pawan,
Based on the error messages it looks like you have a mis-configuration. Looks like
one of the trunks/ports does not have DHCP trust configured on it. Can you
track mac address 34dc.fde5.2c40 to what port it's connected to and verify
that it has DHCP trust enabled?.
Haihua

Similar Messages

Can I use DHCP snooping and IOS DHCP server on the same switch stack

Hello,
I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
Unfortunately I do not have access to a layer 3 switch to test this at the moment.
Thanks

Nope. That's the issue.
They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network. At least that is what it looks like to me. Anyone have another take on it? Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

IP DHCP snooping, IP source Guard, and DIA

Hi All,
I have Configured DHCP snooping and IP source guard and Dynamic arp inspection on my 3560 and 3750 Network Switches,
on both of them I'm facing that issue. (the printers and access points are configured to get ip addresses via DHCP), but when the lease time expires, they don't get ip addresses, and become unreacheable.
while all other clients get thier ip addresses normally
below you can find the Configuration configuration
ip dhcp snooping vlan 98,105,111
no ip dhcp snooping information option
ip dhcp snooping database flash:dhcpsnooping
ip dhcp snooping database write-delay 15
ip dhcp snooping
ip arp inspection vlan 98,105,111
ip verify trust on all access ports including printers and access point ports
all access ports are DHCP snooping untrusted
also when I create a static dhcp snooping binding record for these devices on the switch it resolves the Issue, but when I reload the switch it's removed automatically.
any resolution will be much appreciated.
regards,
Maher

check the following link for configuration of DHCP snooping
http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

DHCP snooping setup help

Hi,
Can anyone help me with these setup issues.
The Cat OS config guide chapter "configuring DHCP-snooping and IP source guard" for v8.4 doesnt mention how to:
1) Disable dhcp-snooping
2) configure a destination for the snooping database.
I would like to setup the local flash PCMCIA card as a destination for the DB.
I have found documentation for other releases of CatOS that state how to specify a DB location:
set dhcp-snooping bindings-database <device>:[filename]
However this syntax is not supported in 8.4. With command line auto-complete (the tab key) and/or help there is no option for "bindings-database" available.
Do I need to activate the DB somewhere else in the config?
thanks,

The command to disable DHCP snooping is:disabled the ip dhcp snooping

Enabling DHCP snooping

Hello,
We have a 2960 48 port switch in a remote office with a couple of VLANs (VOIP & Data). The L3 routing is provided via the WAN router and acts as a 'router on a stick' and provides DHCP for both VLANs.
I need to enable DHCP snooping and I have issued the 'ip dhcp snooping trust' on the router port but not for the access ports. I have then added 'ip dhcp snooping' to the switch but not 'ip dhcp snooping vlan x , x' as I was hoping the ip dhcp snooping bindings database would start to fill up after a few days but it hasn't.
If I add 'ip dhcp snooping vlan x , x' I think the users will get issues as there is no database, what should I do as the router is doing the DHCP.
Thanks

You need to identify the vlans where snooping should be implemented using:
ip dhcp snooping vlan #
The default allows dhcp requests on untrusted ports.

ME3400 dhcp snooping database restore

Hi guys,
NTP synchronization on ME3400 takes around 10 minutes and I couldn not find way to reduce it.
The problem is with restoring dhcp snooping database from flash/tftp after switch boots up.
Database is restored after clock synchronization, but 10 minutes is to long as users with snooping/DAI are blocked until snooping database is restored.
As ME3400 does not have hw clock, option with restoring clock after it boots up is not available.
Does anyone had similar problem?
Please share any idea/proposal how to overcome this issue.
Many thanks,
Grgo

Hi Sunil, that was the last idea I had got.
The one before the last was write on this support forum.
So I tried everythink but reboot. Which is little bit strange solution.
Thank you.

Snooping Issue

Hello-
I have a pair of Catalyst 4510s I'm looking to enable DHCP snooping on and looking for some expertise... I have all DCHP clients connected up to the 4k's. The 4k's are connected upstream to a pair of ASA's, then up upstream to a pair of Nexus 7ks. The DHCP servers sit on the 7k's. I have done the following, but am unable to pull an IP.
1. enabled snooping on both 4k's for vlans 1-4094 (ip dhcp snooping vlan 1-4094)
2. trusted the upstream port channel member interfaces (gi1/47 and gi1/48) and the port channel interface itself, by way of (ip dhcp snooping trust)
3. Issued the "no ip dhcp snooping information option" on both 4k's
I am able to pull an IP on my laptop, which I have a reservation created for, but I am not pulling an IP on any other true DHCP clients on the floor. Anyone able to shed some light?
Thanks in advance-
Brian

Hello-
I have a pair of Catalyst 4510s I'm looking to enable DHCP snooping on and looking for some expertise... I have all DCHP clients connected up to the 4k's. The 4k's are connected upstream to a pair of ASA's, then up upstream to a pair of Nexus 7ks. The DHCP servers sit on the 7k's. I have done the following, but am unable to pull an IP.
1. enabled snooping on both 4k's for vlans 1-4094 (ip dhcp snooping vlan 1-4094)
2. trusted the upstream port channel member interfaces (gi1/47 and gi1/48) and the port channel interface itself, by way of (ip dhcp snooping trust)
3. Issued the "no ip dhcp snooping information option" on both 4k's
I am able to pull an IP on my laptop, which I have a reservation created for, but I am not pulling an IP on any other true DHCP clients on the floor. Anyone able to shed some light?
Thanks in advance-
Brian

N7K - Any way to save the DHCP Snooping DB?

Catalyst has 'ip dhcp snooping database' command to save as a file. Cannot find similar command on the Nexus. Without it, wouldn't a reboot cause the DB to come up empty, triggering arp inspection and source guard for legitimate traffic?

Hello Bob,
In the recently releases by default DHCP bindings are not saved persistently across switch reboots. To maintain persistent bindings across switch reboots, use the copy run start command.
When the copy run start command is issued, all bindings that exist at that time are made persistent across switch reboots.

LAN was down ie Users are not getting ip from DHCP server after enabling DHCP snooping

Hi All ,
Enclosed file has network connectivity diagram.
1. L3 vlan's ie 2,3,4,5 and 6 are configured on ACC-CR1 and ACC-CR2.
2.Trunk is configured between Core switches ( CR1 and CR2) and access switches .VTP mode is transparent on all switches.L2 vlans are configured on all access switches.
3.DHCP is server is located at different location and is reachable over MPLS.
Without enabling dhcp snooping , users connected to access switches (Sw1,sw2,sw3 and Sw4 ) are getting ip address from DHCP server without any problem and everything is working fine.
But users connected to Sw3 and Sw4 are getting ip address from rouge DHCP server which is not pingable from any one of the switch.
So we have configured DHCP snooping for all vlan's on CR1 , CR2 , SW3 and SW4 and "trusted uplink ports" which are connected to WAN routers from CR1 and CR2 and also "trusted uplink ports " of Sw3 and Sw4 which are connected to CR1 and CR2.
As soon we have enabled DHCP snooping and trusted respective uplink ports , users are not getting ip address from remote DHCP server and even users connected to Sw1 and SW2 are facing same issue.
Note : DHCP snooping is not configured on SW1 and SW2.
Why users are not getting ip address from remote DHCP server as soon as we enabled dhcp snooping on Core switches and two access switches ie sw3 and sw4 ? what could have caused DHCP packets to be dropped ? Any idea would be appreciated .

Hi,
as you say: " HSRP is configured between CR1 and CR2 and Vlans are active on CR1" does it mean there are L3 intrefaces configured in each VLAN on your CR switches and ip hepler-address pointing to the remote DHCP server is configured on each of them?
I know it's difficult in a productive environment but IMHO you need to find out where are the DHCP offers dropped.
Either by enabling DHCP debugging or by capturing packets via Wireshark, e.g.
Best regards,
Milan

IOS 15.0(2)SE5 DHCP Snooping Problem

I have just upgraded a single production switch from IOS 12.2(50)SE1 to 15.0(2)SE5 to test out new ipv6 security features that we will soon require for our deployment. upon booting into the newer IOS the DHCP snooping feature stopped working, this caused ARP inspection to start dropping traffic so we had to disable it. after going through the normal troublehsooting procedures (check config, reboot, re-apply config, check clients, renew IP address etc) it still is not working.
has anyone else experience this problem or anything similar?
I would be interested to hear from people on recent experiences when upgrading software as we have been having a bad time recently with cisco software across a range of products.

Aurelien
I just tested this on a 2960-S running SE5 with no issues.
2960-1#debug ip dhcp snooping packet
DHCP Snooping Packet debugging is on
2960-1#
Mar 30 01:30:23.963: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak. Was Vl1
Mar 30 01:30:23.963: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak. Was Po1
Mar 30 01:30:23.963: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak. Was Vl1
Mar 30 01:30:23.963: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel1)
2960-1#
Mar 30 01:30:23.968: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 3037.a696.3640, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:23.968: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (1)
Mar 30 01:30:23.968: DHCP_SNOOPING_SW: bridge packet send pac
2960-1#ket to cpu port: Vlan1.
Mar 30 01:30:25.976: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak. Was Vl1
Mar 30 01:30:25.976: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak. Was Gi0/24
Mar 30 01:30:25.976: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak. Was Vl1
Mar 30 01:30:25.976: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/24)
Mar 30 01:30:25.976: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, inpu
2960-1#t interface: Gi0/24, MAC da: ffff.ffff.ffff, MAC sa: 001c.0e86.6f4a, IP da: 255.255.255.255, IP sa: 172.16.156.33, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.16.156.47, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:25.981: DHCP_SNOOPING: direct forward dhcp replyto output port: Port-channel1.
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak. Was Vl1
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak. W
2960-1#as Po1
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 for pak. Was Vl1
Mar 30 01:30:25.987: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel1)
Mar 30 01:30:25.987: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 3037.a696.3640, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3
2960-1#640
Mar 30 01:30:25.987: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (1)
Mar 30 01:30:25.987: DHCP_SNOOPING_SW: bridge packet send packet to cpu port: Vlan1.
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak. Was Vl1
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Vl1 for pak. Was Gi0/24
Mar 30 01:30:25.987: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Gi0/24 for pak. Was Vl
2960-1#1
Mar 30 01:30:25.987: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/24)
Mar 30 01:30:25.992: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Gi0/24, MAC da: ffff.ffff.ffff, MAC sa: 001c.0e86.6f4a, IP da: 255.255.255.255, IP sa: 172.16.156.33, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.16.156.47, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 3037.a696.3640
Mar 30 01:30:25.992: DHCP_SNOOPING: direct forward dhcp replyto output port:
2960-1#Port-channel1.
2960-1#sh ip dhc
2960-1#sh ip dhcp no
2960-1#sh ip dhcp sno
2960-1#sh ip dhcp snooping b
2960-1#sh ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec) Type           VLAN Interface
30:37:A6:96:36:40   172.16.156.47    86387       dhcp-snooping   1     Port-channel1
Total number of bindings: 1
2960-1#sh ver | in IOS
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
2960-1#

Internet DHCP/DNS issues with WRT1900ac

I've had a WRT1900ac now for about 2 weeks and the problems seem to be escalating. Need help. And yes, I've already read dozens of threads about these issues and nothing seems to be working.
Most of the problems seem to be centered around this DHCP/DNS issue that so many have been reporting.
First, the symptoms:
Galaxy S4 phones when connected via wifi have some apps that don't update (facebook and google play)
Some computers (both Win 7) will connect to the network just fine, both wired and wireless - but won't be able to get to the internet
I've spent the last 2-3 days of my life reading forums and trying all sorts of things to get this to work properly (like my old router) and I'm still stuck. Some things I've tried:
Firmware is up-to-date (latest version: 1.1.8.164461)
Manually assigned static DNS in router config settings (connectivity -> local network) to various combinations including the router address, 8.8.8.8, 8.8.4.4, 75.75.75.75, 75.75.76.76 (I have comcast), OpenDNS addresses, etc. I read that the router address is not needed, so I stopped including it.
I manually assigned IPs and DNS on the Galaxy S4 phones and that seemed to work... but also seems unnecessary.
I've reserved DHCP addresses on the computers in question, that didn't seem to work, I also manually set DNS on one of the comupters (can't on the other... long story/not my computer) and that worked for a while and then stopped working.
The only way to get one of the computers on the internet now is to turn on the guest network (even though the computer is hard wired to the router), connect, and then the wired network works. No clue why this is, but my guess is that it needs the guest network for DNS, then it fails back over to the wired network. Once that happens, I can actually turn off the wifi on the computer and everything works great... until I reboot. Key point: I can't change any settings on that box other than entering in SSID/passphrase info for the wireless connection. I can connect to the regular (non-Guest) wifi just fine - I just can't ever get to the internet.
I've tried massaging DHCP settings on the router until I'm blue in the face - Static DNS, reserving DHCP addresses, hell I even put one of the computers in the DMZ to see if that would work and it still can't connect to the internet (it's worth noting that with my old router, Linksys WRT310N, the setup was literally plug-and-play - no hassle with any of this).
I've tried countless router reboots, factory resets, turning off my modem and router for 2+ minutes, and nothing is working.
I even read somewhere that if you modify your DHCP settings at all that the WRT1900ac stops doing DNS properly and breaks, so I even tried several "hard" factory resets and used all the default DHCP/DNS settings. And it worked... for a few hours.
Seriously, I'm at my wit's end. I'm out a lot of money on this thing and it's been one headache after another. Please help.

I think for most people its a bad idea to hold out that hope, lol. It seems like a great piece of hardware but if you really need a router and don't want to have to 'play' with it, its probably not a good choice. I have an EA6900 that I am very happy with but it has the same restrictions as far as DNS and I really hate the idea that I am forced to use the smartwifi portal. I would really like for them to give me a choice of the old gui or the new one and let ME decide. Lots of routers to choose from out there now and new ones seem to be coming out all the time so do some reading and see if something suits you better. Good luck!

ISE and dhcp snooping

Hi all,
The ISE configuration validator says we should have DHCP snooping enabled on our network access devices (switches) so we do it. However I have never understood what this accomplishes. (In terms of ISE/NAC. I understand what DHCP snooping is).
Can anyone explain? Thanks.

Thanks for the reply, Vattulu.
Interesting article/section, but I don't see where it says anything about the relationship between dhcp snooping and profiling. It seems to be talking about the use of dhcp snooping option 82 to convey the 802.1x user info to the dhcp server. The dhcp server can then act on this information to assign specific IPs to specific users. I can see how ISE would get this information via ip-helper or maybe by snmp bulk query, but don't understand how that would assist with profiling. I mean, ISE already has the 802.1x user identity from the radius request, right? Maybe you can enlighten me.
Googling around I found this article/section:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/user_guide/ise_user_guide/ise_sw_cnfg.html#wp1059679
which seems to imply that dhcp snooping info can be used when applying DACLs. Interesting, because I thought that was based on the ip device tracking table only. But, it says that dhcp snooping is optional, and doesn't go into any detail.
Still digging, I would like to understand this. Thanks for your help.

DHCP Snooping WLC

Hi,
I would like to DHCP snooping on the WLC.
Or a method to block DHCP pirate and authorized my DHCP.
Best Regards,
Julien Hernandez.

Here the client 192.168.0.0 :
(Cisco Controller) >show client detail 1c:99:4c:6f:c6:96
Client MAC Address............................... 1c:99:4c:6f:c6:96
Client Username ................................. N/A
AP MAC Address................................... 44:ad:d9:57:fd:20
AP Name.......................................... AP-INDE-106
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 44:ad:d9:57:fd:20
Connected For ................................... 8127 secs
Channel.......................................... 11
IP Address....................................... 192.168.0.155
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 8
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 15000
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates.................................. 5.5,11.0,6.0,9.0,12.0,18.0,
............................................. 24.0,36.0,48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. none
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
FlexConnect Data Switching....................... Local
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 321
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 2526655
Number of Bytes Sent....................... 2425132
Total Number of Bytes Sent................. 2425132
Total Number of Bytes Recv................. 2526655
Number of Bytes Sent (last 90s)............ 64
Number of Bytes Recv (last 90s)............ 6764
Number of Packets Received................. 25105
Number of Packets Sent..................... 5996
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 1018
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 56
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -60 dBm
Signal to Noise Ratio...................... 24 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP-INDE-108(slot 0)
antenna0: 5364 secs ago.................. -74 dBm
antenna1: 5364 secs ago.................. -87 dBm
AP-INDE-106(slot 0)
antenna0: 5364 secs ago.................. -67 dBm
antenna1: 5364 secs ago.................. -57 dBm
AP-INDE-106(slot 1)
antenna0: 5363 secs ago.................. -82 dBm
antenna1: 5363 secs ago.................. -87 dBm
AP-INDE-111(slot 0)
antenna0: 5364 secs ago.................. -94 dBm
antenna1: 5364 secs ago.................. -97 dBm
AP-INDE-119(slot 0)
antenna0: 5364 secs ago.................. -87 dBm
antenna1: 5364 secs ago.................. -91 dBm
AP-INDE-105(slot 0)
antenna0: 5364 secs ago.................. -68 dBm
antenna1: 5364 secs ago.................. -79 dBm
AP-INDE-105(slot 1)
antenna0: 5363 secs ago.................. -90 dBm
antenna1: 5363 secs ago.................. -87 dBm
AP-INDE-109(slot 0)
antenna0: 5364 secs ago.................. -75 dBm
antenna1: 5364 secs ago.................. -85 dBm
AP-INDE-109(slot 1)
antenna0: 5364 secs ago.................. -83 dBm
antenna1: 5364 secs ago.................. -78 dBm
AP-INDE-121(slot 0)
antenna0: 14490 secs ago................. -91 dBm
antenna1: 14490 secs ago................. -92 dBm
AP-INDE-126(slot 0)
antenna0: 8132 secs ago.................. -89 dBm
antenna1: 8132 secs ago.................. -92 dBm
AP-INDE-126(slot 1)
antenna0: 38197 secs ago................. -93 dBm
antenna1: 38197 secs ago................. -83 dBm
AP-INDE-116(slot 0)
antenna0: 5364 secs ago.................. -61 dBm
antenna1: 5364 secs ago.................. -50 dBm
AP-INDE-116(slot 1)
antenna0: 5364 secs ago.................. -82 dBm
antenna1: 5364 secs ago.................. -86 dBm
AP-INDE-112(slot 0)
antenna0: 5364 secs ago.................. -71 dBm
antenna1: 5364 secs ago.................. -71 dBm
AP-INDE-112(slot 1)
antenna0: 5364 secs ago.................. -88 dBm
antenna1: 5364 secs ago.................. -90 dBm
AP-INDE-107(slot 0)
antenna0: 8129 secs ago.................. -91 dBm
antenna1: 8129 secs ago.................. -85 dBm
AP-INDE-118(slot 0)
antenna0: 5364 secs ago.................. -94 dBm
antenna1: 5364 secs ago.................. -91 dBm
AP-INDE-114(slot 0)
antenna0: 5364 secs ago.................. -93 dBm
antenna1: 5364 secs ago.................. -85 dBm
AP-INDE-114(slot 1)
antenna0: 38197 secs ago................. -93 dBm
antenna1: 38197 secs ago................. -91 dBm
AP-INDE-123(slot 0)
antenna0: 5364 secs ago.................. -72 dBm
antenna1: 5364 secs ago.................. -83 dBm
AP-INDE-103(slot 0)
antenna0: 5364 secs ago.................. -91 dBm
antenna1: 5364 secs ago.................. -83 dBm
AP-INDE-104(slot 0)
antenna0: 5364 secs ago.................. -87 dBm
antenna1: 5364 secs ago.................. -90 dBm
AP-INDE-102(slot 0)
antenna0: 5364 secs ago.................. -90 dBm
antenna1: 5364 secs ago.................. -87 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:
Client Dhcp Required: True
Allowed (URL)IP Addresses
(Cisco Controller) >show client detail ec:59:e7:e9:e5:68
Client MAC Address............................... ec:59:e7:e9:e5:68
Client Username ................................. N/A
AP MAC Address................................... 44:ad:d9:57:fd:20
AP Name.......................................... AP-INDE-106
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 44:ad:d9:57:fd:20
Connected For ................................... 3043 secs
Channel.......................................... 11
IP Address....................................... 192.168.0.162
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 4
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 15000
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m7
Supported Rates.................................. 5.5,11.0,6.0,9.0,12.0,18.0,
............................................. 24.0,36.0,48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. none
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... N/A
Encryption Cipher................................ None
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
FlexConnect Data Switching....................... Local
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 321
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 1
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 13499
Number of Bytes Sent....................... 7662
Total Number of Bytes Sent................. 7662
Total Number of Bytes Recv................. 13499
Number of Bytes Sent (last 90s)............ 0
Number of Bytes Recv (last 90s)............ 0
Number of Packets Received................. 184
Number of Packets Sent..................... 69
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 61
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 2
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -70 dBm
Signal to Noise Ratio...................... 18 dB
Client Rate Limiting Statistics:
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
AP-INDE-120(slot 0)
antenna0: 36159 secs ago................. -98 dBm
antenna1: 36159 secs ago................. -97 dBm
AP-INDE-115(slot 0)
antenna0: 11075 secs ago................. -96 dBm
antenna1: 11075 secs ago................. -96 dBm
AP-INDE-108(slot 0)
antenna0: 188 secs ago................... -96 dBm
antenna1: 188 secs ago................... -95 dBm
AP-INDE-106(slot 0)
antenna0: 188 secs ago................... -78 dBm
antenna1: 188 secs ago................... -67 dBm
AP-INDE-111(slot 0)
antenna0: 1451 secs ago.................. -98 dBm
antenna1: 1451 secs ago.................. -95 dBm
AP-INDE-119(slot 0)
antenna0: 188 secs ago................... -87 dBm
antenna1: 188 secs ago................... -95 dBm
AP-INDE-122(slot 0)
antenna0: 73165 secs ago................. -95 dBm
antenna1: 73165 secs ago................. -95 dBm
AP-INDE-105(slot 0)
antenna0: 188 secs ago................... -85 dBm
antenna1: 188 secs ago................... -86 dBm
AP-INDE-109(slot 0)
antenna0: 332 secs ago................... -91 dBm
antenna1: 332 secs ago................... -89 dBm
AP-INDE-121(slot 0)
antenna0: 2708 secs ago.................. -98 dBm
antenna1: 2708 secs ago.................. -96 dBm
AP-INDE-126(slot 0)
antenna0: 215 secs ago................... -84 dBm
antenna1: 215 secs ago................... -86 dBm
AP-INDE-116(slot 0)
antenna0: 188 secs ago................... -61 dBm
antenna1: 188 secs ago................... -61 dBm
AP-INDE-112(slot 0)
antenna0: 187 secs ago................... -83 dBm
antenna1: 187 secs ago................... -85 dBm
AP-INDE-107(slot 0)
antenna0: 188 secs ago................... -89 dBm
antenna1: 188 secs ago................... -90 dBm
AP-INDE-118(slot 0)
antenna0: 188 secs ago................... -95 dBm
antenna1: 188 secs ago................... -98 dBm
AP-INDE-114(slot 0)
antenna0: 187 secs ago................... -83 dBm
antenna1: 187 secs ago................... -85 dBm
AP-INDE-113(slot 0)
antenna0: 38981 secs ago................. -94 dBm
antenna1: 38981 secs ago................. -95 dBm
AP-INDE-123(slot 0)
antenna0: 187 secs ago................... -73 dBm
antenna1: 187 secs ago................... -65 dBm
AP-INDE-117(slot 0)
antenna0: 11013 secs ago................. -94 dBm
antenna1: 11013 secs ago................. -97 dBm
AP-INDE-103(slot 0)
antenna0: 187 secs ago................... -70 dBm
antenna1: 187 secs ago................... -80 dBm
AP-INDE-104(slot 0)
antenna0: 214 secs ago................... -95 dBm
antenna1: 214 secs ago................... -91 dBm
AP-INDE-102(slot 0)
antenna0: 215 secs ago................... -87 dBm
antenna1: 215 secs ago................... -88 dBm
AP-INDE-100(slot 0)
antenna0: 11014 secs ago................. -96 dBm
antenna1: 11014 secs ago................. -96 dBm
AP-INDE-101(slot 0)
antenna0: 11013 secs ago................. -96 dBm
antenna1: 11013 secs ago................. -95 dBm
DNS Server details:
DNS server IP ............................. 0.0.0.0
DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:
Client Dhcp Required: True
Allowed (URL)IP Addresses

DHCP Snooping database - The current agent is active

Hello, I need to change an database URL. But switch can't end active agent.
After release of command I get an message, and nothing happend. After release "no" the result is the same.
I had tried no ip dhcp snooping and also use a timers to expire, but I think switch have got a software error.
Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1)
switch#ip dhcp snooping database scp://user:[email protected]/tftpboot/snooping/switch
%Cannot change URL. The current agent is active.

Hi Sunil, that was the last idea I had got.
The one before the last was write on this support forum.
So I tried everythink but reboot. Which is little bit strange solution.
Thank you.

How to synchronize between DHCP binding table and DHCP snooping table ?

I clear DHCP snooping table with command "clear ip dhcp snooping binding " , and PC can't communicate with other any more. So how to synchronize between DHCP binding table and DHCP snooping table ?
dhcp-test#sh ip dhcp bind
IP address Client-ID/ Lease expiration Type
Hardware address
99.1.65.32 0100.1125.353c.25 Mar 02 1993 01:05 AM Automatic
99.1.65.33 0100.1438.059f.85 Mar 02 1993 12:01 AM Automatic
dhcp-test#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
Total number of bindings: 0
thanks!

ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id expiry seconds
Add binding entries to the DHCP snooping binding database. The vlan-id range is from 1 to 4904. The seconds range is from 1 to 4294967295.
Enter the above command for each entry that you add
To delete the database agent or binding file, use the no ip dhcp snooping database interface configuration command. To reset the timeout or delay values, use the ip dhcp snooping database timeout seconds or the ip dhcp snooping database write-delay seconds global configuration command.To renew the database, use the renew ip dhcp snooping database privileged EXEC command.

Ip dhcp snooping issue

Similar Messages

Maybe you are looking for