
September 29th, 2017 07:00

DHCP snooping between multiple switches and how to make exceptions

I am using two Dell S4810 switches which are connected to a router S6000.

The issue that I am experiencing is that DHCP requests can't be delivered from the DHCP server on sw1 to the DHCP client server on sw2 when DHCP snooping is enabled. Client servers on the same switch as the DHCP server are able to receive DHCP with no problem. The router to which the switches are connected has no DHCP snooping enabled. I have seen solutions for Cisco switches, but I am using Dell switches and I cannot find a solution to this. Disabling DHCP snooping on either of the switches fixes the problem, oddly. I've also enabled snooping trust on the DHCP server and client ports as well as the uplink from sw1 to sw2. Any suggestions?

5 Practitioner

 • 

274.2K Posts

September 29th, 2017 13:00

Just to clarify, if you disable snooping on one of the switches, everything works fine? Can you just leave snooping disabled on the one switch? Or does this introduce a different issue?

19 Posts

September 29th, 2017 14:00

Yes, it doesn't matter which one; as soon as I remove the global snooping settings from either one of them, the DHCP client starts receiving DHCP packets and getting an IP address. Unfortunately both switches are used by a high number of clients, and removing IP DHCP snooping even from a single switch would outweigh the benefits of being able to fully use DHCP. I was thinking that perhaps I am missing something simple, as it seems rather odd that I couldn't configure DHCP snooping between multiple switches without being able to make some exceptions for specific ports or VLANs. Both the DHCP server and client reside within the same VLAN.

All of the DHCP clients within the same switch on which DHCP server resides are able to receive DHCP snooping even without it being turned off. I am starting to think that something is being added on the uplink packets that are leaving the switch.

This is a pretty basic representation of DHCP snooping settings on switches:

SW1:

#(conf) ip dhcp snooping (general dhcp snooping settings)

#(conf) ip dhcp snooping vlan 505 (I am telling it to target this vlan)

#(dhcp server port) ip dhcp snooping trust

#(port-channel to router) ip dhcp snooping trust

SW2:

#(conf) ip dhcp snooping (general dhcp snooping settings)

#(conf) ip dhcp snooping vlan 505 (I am telling it to target this vlan)

#(dhcp client port) ip dhcp snooping trust (it shouldn't really need this but, for debugging sake)

#(port-channel to router) ip dhcp snooping trust

I tried various combinations. I am starting to believe that it might be due to some option 82 setting with DHCP packets, even though I don't see any config enabled on either of the switches or the router. However, I am only guessing. I have seen this problem on Cisco switches, but the solution for it was specifically for Cisco.

supportforums.cisco.com/.../2189599

This is what I get from switch on which I keep my DHCP server when my client requests for DHCP and is unable to receive it.

 %STKUNIT0-M:CP %DHCP-6-DHCPNOGIADDR: DHCP: DHCP message from server((null)) has no giaddr present - repeated 6 times

19 Posts

October 2nd, 2017 04:00

Checked how packets go from DHCP server up to the client and noticed the location at which the packet is dropped and never reaches client.

Request packet:

Client server -> SW2 -> Router -> SW1 -> DHCP server

Reply packet:

DHCP server -> SW1 -> Router -> SW2 (It reaches client server switch but never reaches the client itself, it is dropped)

5 Practitioner

 • 

274.2K Posts

October 2nd, 2017 07:00

Great information you have compiled here. The only thing I can think of right now is to check the router and ensure its interfaces are set to trust mode as well. What model router is it?

19 Posts

October 2nd, 2017 09:00

Hi, thanks for your suggestions.

It is not the router's fault. I created a lab environment out of two S4810 switches connected directly to each other and encountered the same problem under the same circumstances.

Switch under which DHCP server is connected presents with these errors. 

%DHCP-6-DHCPNOGIADDR: DHCP: DHCP message from server((null)) has no giaddr present - repeated 482 

I think the circumstances of the error are explained in this forum even if it's for Cisco:

"DHCP renewal packets are sent with option82 that causes "DHCP-6-DHCPNOGIADDR" messages to be generated when server replies. When client sends a DHCP renewal packet, relay agent sets its option 82 field without setting the giaddr field. When such request is received, server strips the option 82 and replies back with the giaddr not set. On such reply, relay agent throws the error message and drop the packet."

https://community.spiceworks.com/topic/626273-need-help-on-a-switch-log-regarding-dhcp

Which would be weird since there are no settings for option 82 or DHCP relay enabled. Isn't there anyone who encountered this issue when using multiple switches with DHCP snooping on?

And on why it works if either of the switches have IP DHCP snooping disabled is probably because if you disable IP dhcp snooping on server side sw the DHCP reply packet won't be messed up and client side sw probably accepts it normally. If you disable it on the client side sw the switch simply does not check the packet for correctness and allows it to pass through to the client server.
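Added example, not part of the thread: a Python check for the two packet shapes named in the quoted explanation above, meant to be run on raw DHCP payloads (UDP data) pulled from a capture on the uplink. The sample packets, function names and the 192.0.2.1 address are constructed for illustration, and whether the S4810 drops on exactly this condition is the poster's hypothesis, not something the code confirms.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
BOOTREQUEST, BOOTREPLY = 1, 2

def parse_dhcp(payload: bytes) -> dict:
    """Pull op, giaddr and the option map out of a raw DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:            # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": payload[0], "options": options,
            "giaddr": ipaddress.IPv4Address(payload[24:28])}  # fixed offset 24

def diagnose(payload: bytes) -> str:
    """Flag the two packet shapes named in the quoted explanation."""
    pkt = parse_dhcp(payload)
    no_giaddr = pkt["giaddr"].is_unspecified
    if pkt["op"] == BOOTREQUEST and OPT_RELAY_INFO in pkt["options"] and no_giaddr:
        return "request carries option 82 but giaddr is unset"
    if pkt["op"] == BOOTREPLY and no_giaddr:
        return "server reply has no giaddr"
    return "ok"

def build(op: int, giaddr: str = "0.0.0.0", options: bytes = b"") -> bytes:
    """Construct a minimal sample payload (constructed data, not a capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), bytes(4), bytes(4),
                         ipaddress.IPv4Address(giaddr).packed,
                         bytes(16), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

OPT82 = bytes([82, 4, 1, 2, 0, 5])   # constructed circuit-id sub-option
REQUEST_OPT82 = build(BOOTREQUEST, options=bytes([53, 1, 3]) + OPT82)
REPLY_NO_GIADDR = build(BOOTREPLY, options=bytes([53, 1, 5]))
REPLY_RELAYED = build(BOOTREPLY, giaddr="192.0.2.1", options=bytes([53, 1, 5]) + OPT82)

if __name__ == "__main__":
    print({n: diagnose(globals()[n]) for n in ("REQUEST_OPT82", "REPLY_NO_GIADDR", "REPLY_RELAYED")})
```

A reply with giaddr 0.0.0.0 is normal on a non-relayed segment; the label only marks the shape the DHCPNOGIADDR log line complains about.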

59 Posts

February 7th, 2018 01:00

Hello, Andrius, did you figure out how to solve this issue? Looks like I have similar issue, but switch is different (Force10 MXL).

https://www.dell.com/community/Networking/Force10-MXL-10-40-dhcp-snooping-issue/td-p/5792408/jump-to/first-unread-message

5 Practitioner

 • 

274.2K Posts

February 19th, 2018 13:00

For anyone else experiencing similar behavior: what we found was that the switch may need to have DHCP relay enabled, even if the interface is layer 2. The switch will also need to have each VLAN created on it, and snooping enabled on that VLAN.
