Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

M

murmanov

1 Rookie

 • 

62 Posts

6466

January 31st, 2018 07:00

Force10 MXL 10/40 dhcp snooping issue

Hello, community, I'm trying to implement "DHCP Snooping" on Dell Force10 MXL switches, but looks like those switches behave differently if we compare to other vendors.  Can somebody point to correct CLI command, if I missed something?

What we have:

Dell Force10 MXL 10/40 - software version 9.9 

ip dhcp snooping
ip dhcp snooping vlan 1-4094
ip dhcp snooping trust ( on the interface level for required ports )

I also tried to add, but it didn't change anything

ip dhcp relay information-option trust-downstream

 In the logs I'm seeing following repeated messages:

DHCP message from server((null)) has no giaddr present - repeated 3 times 

 

Anonymous

5 Practitioner

 • 

274.2K Posts

January 31st, 2018 10:00

Are you wanting to relay DHCP requests from one VLAN to another? If so, I believe you need to configure the ip helper address.

# ip helper-address {DHCP server IP Address}

http://dell.to/2DRBaiu

murmanov

1 Rookie

 • 

62 Posts

January 31st, 2018 11:00

This configuration from switch with server connected to it and at this moment we're trying to implement snooping in single vlan. Port with server was configured as trust and after that this message appeared in the log and non of the clients are getting ip from this server.

I believe there should be option to allow empty giaddr field like it exist on Cisco gears

Anonymous

5 Practitioner

 • 

274.2K Posts

January 31st, 2018 12:00

I see, thanks for the extra information. Taking out the DHCP relay portion should take care of option 82 being used.

# No ip dhcp relay information-option trust-downstream

 

Just to confirm, the trust mode command is on the server facing interface?

 

Can you please post up the output from the following command?

# show ip dhcp snooping

murmanov

1 Rookie

 • 

62 Posts

January 31st, 2018 12:00

Here is current config, dhcp snooping disabled globally since chassis is in production at this moment

ow-ch05-switch#sh ip dhcp snooping 

IP DHCP Snooping                           : Disabled.
IP DHCP Snooping Mac Verification          : Disabled.
IP DHCP Relay Information-option           : Disabled.
IP DHCP Relay Trust Downstream             : Enabled.

Database write-delay (In minutes)          : 0

DHCP packets information
Relay Information-option packets           : 0
Relay Trust downstream packets             : 0
Snooping packets                           : 0

Packets received on snooping disabled L3 Ports   : 0
Snooping packets processed on L2 vlans     : 0

DHCP Binding File Details
Invalid File                               : 0
Invalid Binding Entry                      : 0
Binding Entry lease expired                : 0
 
List of Trust Ports                        :
Te 0/4
Te 0/9  
Te 0/44
Te 1/4
Te 1/9
Te 1/44
 
List of DHCP Snooping Enabled Vlans        :

Ports number 44 are uplinks, 9 and 4 are dhcp servers half-size blades.

I tried both options with and without "information-option trust-downstream", but nothing changed

murmanov

1 Rookie

 • 

62 Posts

February 1st, 2018 06:00

Thanks for checking this. Yes, I got same warning, we're using VLAN 1 as default/native, but most access ports configured as tagged for numerous of vlans and my DHCP connected to VLAN 30. I don't think this warning could break everything.

Anonymous

5 Practitioner

 • 

274.2K Posts

February 1st, 2018 06:00

I was running through the commands you have implemented and received a warning when issuing the snooping vlan command.

Dell(conf)#ip dhcp snooping vlan 1-4094
% Warning: Snooping cannot be enabled on default vlan.

Did you run into this same message? Or has the default VLAN been changed?

Anonymous

5 Practitioner

 • 

274.2K Posts

February 1st, 2018 07:00

For some reason I was thinking this was all on VLAN 1. In the show output, were there any VLANs listed after

List of DHCP Snooping Enabled Vlans

 If not, can you please try just enabling the snooping on VLAN 30?

murmanov

1 Rookie

 • 

62 Posts

February 2nd, 2018 00:00

Hello, Daniel, thanks for your help

Sorry for confusing situation, let me clarify everything one more time in order to give you more wide understanding about existing issue. You're not seeing list of VLANs because there were 4094, one in a row, that's why I didn't post them.

We have tested 2 different cases for dhcp snooping feature in chassis switch, I'll provide explanation below:

1. MXL 10/40 connected to Cisco ToR switch, DHCP client connected to MXL switch and DHCP server connected to ToR switch. In this configuration everything was fine, MXL determined DHCP client host, added entry to snooping table and etc. Everything in the same VLAN

2. DHCP server and client connected to MXL switch, same configuration, server's port configured as trusted, but DHCP client never receives IP from the server

We tried different DHCP servers, dnsmasq and isc-dhcpd

Anonymous

5 Practitioner

 • 

274.2K Posts

February 2nd, 2018 05:00

Thanks, I just wanted to be sure the VLANs were listed.  I could not find a command that would allow for zero giaddr. I would like to help look into this further and have sent you a private message requesting some additional logs from the switch. I look forward to hearing from you.

murmanov

1 Rookie

 • 

62 Posts

February 7th, 2018 01:00

Anonymous

5 Practitioner

 • 

274.2K Posts

February 19th, 2018 13:00

For anyone else experiencing similar behavior. What we found was that the switch may need to have DHCP relay enabled, even if the interface is layer 2. The switch will also need to have each VLAN created on it, and snooping enabled on that VLAN.

 

 

View More

View All

No Events found!

Top