Highlighted
murmanov
Silver

Force10 MXL 10/40 dhcp snooping issue

Hello, community, I'm trying to implement "DHCP Snooping" on Dell Force10 MXL switches, but looks like those switches behave differently if we compare to other vendors.  Can somebody point to correct CLI command, if I missed something?

What we have:

Dell Force10 MXL 10/40 - software version 9.9 

ip dhcp snooping
ip dhcp snooping vlan 1-4094
ip dhcp snooping trust ( on the interface level for required ports )

I also tried to add, but it didn't change anything

ip dhcp relay information-option trust-downstream

 In the logs I'm seeing following repeated messages:

DHCP message from server((null)) has no giaddr present - repeated 3 times 

 

Labels (2)
0 Kudos
11 Replies
Moderator
Moderator

Re: Force10 MXL 10/40 dhcp snooping issue

Are you wanting to relay DHCP requests from one VLAN to another? If so, I believe you need to configure the ip helper address.

# ip helper-address {DHCP server IP Address}

http://dell.to/2DRBaiu

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
murmanov
Silver

Re: Force10 MXL 10/40 dhcp snooping issue

This configuration from switch with server connected to it and at this moment we're trying to implement snooping in single vlan. Port with server was configured as trust and after that this message appeared in the log and non of the clients are getting ip from this server.

I believe there should be option to allow empty giaddr field like it exist on Cisco gears

0 Kudos
Moderator
Moderator

Re: Force10 MXL 10/40 dhcp snooping issue

I see, thanks for the extra information. Taking out the DHCP relay portion should take care of option 82 being used.

# No ip dhcp relay information-option trust-downstream

 

Just to confirm, the trust mode command is on the server facing interface?

 

Can you please post up the output from the following command?

# show ip dhcp snooping

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
murmanov
Silver

Re: Force10 MXL 10/40 dhcp snooping issue

Here is current config, dhcp snooping disabled globally since chassis is in production at this moment

ow-ch05-switch#sh ip dhcp snooping 

IP DHCP Snooping                           : Disabled.
IP DHCP Snooping Mac Verification          : Disabled.
IP DHCP Relay Information-option           : Disabled.
IP DHCP Relay Trust Downstream             : Enabled.

Database write-delay (In minutes)          : 0

DHCP packets information
Relay Information-option packets           : 0
Relay Trust downstream packets             : 0
Snooping packets                           : 0

Packets received on snooping disabled L3 Ports   : 0
Snooping packets processed on L2 vlans     : 0

DHCP Binding File Details
Invalid File                               : 0
Invalid Binding Entry                      : 0
Binding Entry lease expired                : 0
 
List of Trust Ports                        :
Te 0/4
Te 0/9  
Te 0/44
Te 1/4
Te 1/9
Te 1/44
 
List of DHCP Snooping Enabled Vlans        :

Ports number 44 are uplinks, 9 and 4 are dhcp servers half-size blades.

I tried both options with and without "information-option trust-downstream", but nothing changed

0 Kudos
Moderator
Moderator

Re: Force10 MXL 10/40 dhcp snooping issue

I was running through the commands you have implemented and received a warning when issuing the snooping vlan command.

Dell(conf)#ip dhcp snooping vlan 1-4094
% Warning: Snooping cannot be enabled on default vlan.

Did you run into this same message? Or has the default VLAN been changed?

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
murmanov
Silver

Re: Force10 MXL 10/40 dhcp snooping issue

Thanks for checking this. Yes, I got same warning, we're using VLAN 1 as default/native, but most access ports configured as tagged for numerous of vlans and my DHCP connected to VLAN 30. I don't think this warning could break everything.
0 Kudos
Moderator
Moderator

Re: Force10 MXL 10/40 dhcp snooping issue

For some reason I was thinking this was all on VLAN 1. In the show output, were there any VLANs listed after

List of DHCP Snooping Enabled Vlans      

 If not, can you please try just enabling the snooping on VLAN 30?

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources

0 Kudos
murmanov
Silver

Re: Force10 MXL 10/40 dhcp snooping issue

Hello, Daniel, thanks for your help

Sorry for confusing situation, let me clarify everything one more time in order to give you more wide understanding about existing issue. You're not seeing list of VLANs because there were 4094, one in a row, that's why I didn't post them.

We have tested 2 different cases for dhcp snooping feature in chassis switch, I'll provide explanation below:

1. MXL 10/40 connected to Cisco ToR switch, DHCP client connected to MXL switch and DHCP server connected to ToR switch. In this configuration everything was fine, MXL determined DHCP client host, added entry to snooping table and etc. Everything in the same VLAN

2. DHCP server and client connected to MXL switch, same configuration, server's port configured as trusted, but DHCP client never receives IP from the server

We tried different DHCP servers, dnsmasq and isc-dhcpd

0 Kudos
Moderator
Moderator

Re: Force10 MXL 10/40 dhcp snooping issue

Thanks, I just wanted to be sure the VLANs were listed.  I could not find a command that would allow for zero giaddr. I would like to help look into this further and have sent you a private message requesting some additional logs from the switch. I look forward to hearing from you.

Daniel Covey
Dell EMC| Enterprise Support Services
Get support on Twitter:@DellCaresPRO
Download our QRL app:iOS, Android, Windows
Dell Networking Resources