Cisco Switching/Routing :: Router Is Connected To Switch 2960 Configured As DHCP SNOOPING
Sep 3, 2012
We have a DHCP SERVER implemented in a cisco router 2610.This router is connected to a switch cisco 2960 configured as DHCP SNOOPING. At the switch appear the next log message: [code] The ip address: 10.100.200.1 belongs to DHCP SERVER configured at router cisco 2610. What to do so these log messages does not appear any more? Do I need to do some configuration changes at some switch or router?
View 11 Replies
ADVERTISEMENT
Apr 17, 2012
I have a new catalyst 2960,and i want to enable DHCP SNOOPING,but,it doesn't work,the server is stilling offert addresses IP and it's not connected in a trusted port,the schema is very simple:1 switch catalyst 2960 PST-S,1 server dhcp and 1 pc client,the PC and the server are in VLAN 10,DHCP SNOOPING is enabled in all ports and no port is trusted,but the client get addresse IP after retyping ipconfig /release and ipconfig /renew in dos commande.the configuration and the version of the switch are in the file attached.I tested the same configuration in a catalyst C3560-24PS and DHCP SNOOPING work normally,i tested in other catalyst 2960-PST-S,but the same probléme:DHCP SNOOPING without effect,the commands typed is:
-ip dhcp snnoping
-ip dhcp snooping vlan 10
View 5 Replies
View Related
May 7, 2013
I have a problem with DHCP. I have two 2960 connected with a port channel on ports 47 and 48 as trunk with native vlan 10. I only have this one vlan. In port 1 of sw 1, I have a C800 as DHCP server.
I have an AP autonomous with single ssid on vlan 10. When I connect the AP to sw1, I receive dhcp with no problems.When I connect the AP to sw 2, I’m not getting IP by DHCP.I have DHCP snooping working on vlan 10 on both devices.
The ports where I connect the AP are access ports on vlan 10 config as trusted.The trunk ports are also configured as trusted.The port 1 of ws 1 that goes to the C800 is also configured as trusted.
figure out why I’m not getting IP by DHCP when I connect the AP to the SW 2.The only I notice is that when I connect the AP to sw 2, I get on SW 1 the message of packet drop by option 82, but even after configuring ip dhcp snooping information option allow-untrusted on both switches, the problem persists.
View 5 Replies
View Related
Feb 14, 2012
does Cisco 2600 series switch support 802.1x and DHCP snooping?
View 6 Replies
View Related
Oct 21, 2011
I did the DHCP configuration for my CISCO 2960 switch but the clients are still not able to get the IPs.see the configuration below.
(config)#ip dhcp database cisco.com
(config)#pool test
(config-if)#client client-id vlan 500
(config-if)#ip dhcp snooping trust
View 1 Replies
View Related
Mar 2, 2012
If I knew the IP address of a host, can we know on which port on the switch its connected. The switch model is 2960
View 6 Replies
View Related
Nov 1, 2012
I am having 2960 switch and one port is configured with a VLAN and connected with an unmanageable switch and further one more unmanageable switch was connected to the primary unmanageable switch…
The topology will be 2960 switch -> unmanageable Switch -> unmanageable -> PC connected
The issue I am facing most of the PC are getting IP addresses through DHCP server and very few 5 or 6 PC’s out are not getting the IP from DHCP server.If I switch of the switch and switch on the issue is resolved for those and it will raise for some other PC’s.
View 2 Replies
View Related
Feb 11, 2012
With out using any server, will DHCP be configured in cisco 2950/2960 switch?I man cisco it self should work as a dhcp server also.
View 10 Replies
View Related
Jun 12, 2013
I Have a problem I'm trying to configure automatically my switch over ther DHCP when I start the switch it request an IP from the DHCP from here everythings is fine but it does nothing more,indeed I put on my dhcp the option 66 and 67 which is an adress of my TFTP server and a file to download and the switch seems not to understand theses options , I tried my dhcp with a cisco airport and everythings works fine the File from the TFTP is automatically downloaded into the airport...There is an option to add or am I missing something in order to make it work with my switch ?
My switch : Catalyst 2960IOS VER : 12.2(55)SE5
View 7 Replies
View Related
Jun 24, 2012
I need to configure a Cisco 2960 switch as a DHCP server. The current IP address will be on a different seed than the DHCP addresses. i.e.
Switch IP = 10.1.2.3, GW = 10.1.2.1, Subnet = 255.255.255.0
DHCP addresses would be 192.168.1.1 - 200, GW=???? (10.1.2.3?) and subnet would be 255.255.255.0
View 1 Replies
View Related
Sep 27, 2012
I have a problem at a place where 5 ME3400 switches are connected in a straight line. I can't do much about the topology of that place, but the problem is they are all DHCP Snooping, but uni cast replies from the dhcp server further up the hierarchy gets eaten by the first switch! I can't really see why it not only inspects in and whines about it not being for itself - it then drops the message.
What have we done wrong (apart from the actual layout of that place, which I can't really change)?
Sep 28 13:49:29: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/1)
Sep 28 13:49:29: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Gi0/1, MAC da: 7444.012d.debd, MAC sa: 0013.1a4a.65c7, IP da: XX.YY.186.7, IP sa: XX.YY.186.1, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: XX.YY.186.7, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 7444.012d.debd
Sep 28 13:49:29: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
[Code] ......
It really should just send it on, as with any uni cast not on the switch itself - it should go out Gi0/2 really. Why isn't it?
[core] -- [sw1] -- [sw2] -- [sw3] -- [sw4] -- [sw5]
All the trunks are trusted, DAI is on (I've tried shutting it off, as well), port-security is used but it's actually not dying on the switch having the client computer, but the first one in the chain with dhcp snooping.
View 6 Replies
View Related
Mar 2, 2013
I have a problem with high CPU load by DHCP Snooping process on Catalyst 6506 (WS-SUP720-3B, soft: s72033-ipservices_wan-mz.122-18.SXF11.bin). I have it enabled on 15 VLANS, in which there are subscriber devices residing, and sending DHCP requests through Cisco to DHCP server (Cisco acts as DHCP relay, and it's collecting the snooping database, I also use DAI).
Snooping database contains 6962 bindings now.
CPU load goes high only sometimes, and I don't have a clue, why it's going so high. It can load as high as 45-47% of CPU, like this:
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
116 81471244 322596368 252 42.95% 43.48% 36.06% 0 DHCP Snooping
When the load is high, the command: show ip dhcp snooping statistics is showing, that the overall quantity of
Packets Processed by DHCP Snooping is increasing rapidly. In normal situations, it's like 10-20 packets per second, but when the load is high, it's 1000-10000 pps.
But when I look at SPAN from my subscriber's VLANS, I don't really see any flood of DHCP requests, or something like that - everything looks as usual. Maybe, some of subscriber's devices are sending incorrect DHCP requests, that are causing packets to loop inside RP, or something like that? How can I detect that thing?
Also I thought, that if I enable the ip dhcp snooping trust mode on all of the Catalyst interfaces, the DHCP snooping will not process the subscribers DHCP packets, and I can, by exclusion of interfaces from one to one, detect, from which interface the problem is originating. But this seems to be incorrect, I turned the ip dhcsp snooping trust on all interfaces, and I still get spikes of CPU load by DHCP snooping process. Why it's still examining packets, even on trusted interfaces, is it ok?
And one more question - if I disable the ip dhcp snooping globally, will it clear all my existing bindings in snooping database?
View 3 Replies
View Related
Oct 12, 2011
I have attempted to implement DHCP snooping and have been having some strange issues. I have 5 3560s taht I use for my edge and when I attempt to implement on all five, the VLAN that houses my voice data appears to no longer be able to recieve DHCP lease renewals so after the 24 expiration all of my phones lose their configs. Once I roll back the changes the voice VLAN comes back. The other VLANs seem to function correctly as theya re able to renew their DHCP addresses.
The 3560s tie into each other using GIG Ports 1 & 2 and the top and bottom switches tie into our core switch, a 4507. The config that I use is below, failry simple and straightforward.
4 of the 5 switches feed our general office vlans for voice and data however the 5th switch is there for expansion and not in use. As such I have left the config changes in place on it and have tied myself and a colleague into it and have been operating fine for over a week now. So the config that I use seems sound in theory and should work on the other 4 switches with no issue.
View 14 Replies
View Related
Apr 9, 2012
I am working in a environment that is classed as collapssed Layer 3 environment. We have a core 6500 with routed links to 3560's which are access switches.
We have layer 3 vlans on the access switches, one for data one for voice.On the layer 3 vlans we have ip helper addresses that are used for DHCP. The DHCP servers are located on the 6500.
I recently had a incident where someone plugged a netgear router into a desk point because they thought they could use it for a switch. This router then started to dish out IP addresses to people in the morning for those who came in and docked their laptops. 99% of people weren't affected because they have desktop PC's are their leases hadn't expired.
Now we have bpduguard, bpdufilter to prevent people from plugging in switches that send out BPDU's. However this doesn't prevent the above senario where someone plugs a router or a 'dumb' switch that doesn't send BPDU's.Because of the above senario I started looking at DHCP Snooping, but I am unsure on a couple of things.
With the topology of our network I understand that I don't need to configure IP DHCP Snooping Trust on the L3 uplinks to our core switch. From what I understand I just need to enable IP DHCP Snooping globaly and then on the VLAN's on the access switch (because of the L3 topology VLAN's are local to the access switches). Only if I had L2 uplinks to the core would I need to configure IP DHCP Snooping Trust on the trunk links.
View 2 Replies
View Related
Jan 18, 2013
I am trying to understand the basics of DHCP snooping. I have a just a 3560 switch and a laptop ( to get a DHCP address) and my DSL router which has a DHCP server running. On the switch I have enabled "IP DHCP Snooping" and "IP DHCP Snooping VLAN 1" plugged the laptop and DSL router in and the laptop gets and IP address, should it?
I thought all ports were untrusted by default so the DHCP server should be blocked at offering IP addresses? If I wanted the DHCP server to be allowed to offer IP's I thought I should need to trust the port.
View 3 Replies
View Related
Nov 24, 2011
I got some problem with enabling dhcp snooping on 4500 (cat4500e-lanbasek9-mz.122-54.SG.bin) the topology is as below: dhcp snooping enabled only on CORE (with interface trusted to dhcp server)the problem is that I put these 2 commands
ip dhcp snooping
ip dhcp snooping vlan 1
but it is not enabled on any vlan
SW-CORE#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
[Code]...
On B1 if I turn it on there is a "1" in the section " DHCP snooping is configured on following VLANs:" but on core no.As you can see I did put the trusted on the interface in the direction to the dhcp.First I thought it can be a problem with option 82, I've read a lot about the issues with that, but the problem would be explicable if the client did receive IP address, but it does.
View 3 Replies
View Related
Nov 14, 2012
I am trying to find a command for dhcp snooping rate-limiting on a CatOS. The PFC card is PFC. PFC3B is said to support that command. But there seems no this command.
-6k> (enable) sh ver
WS-C6509-E Software, Version NmpSW: 8.4(5)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Aug 3 2005, 13:26:46
[Code] ......
Up time is 1183 days, 1 hour, 41 minutes
View 3 Replies
View Related
Jan 9, 2013
I recently installed DHCP snooping on a 3750v2 switch (Version 12.2(55)SE4) and configured the uplink(Po2) as a trusted port. The problem is that clients cannot receive an IP address. When I disable DHCP snooping it is working properly. DHCP snooping is configured correctly but I don't have an idea how to resolve it. [code]I tested the solution on the same kind of hardware switch and firmware and it worked out fine. What is causing the clients not to receive an IP address from the DHCP server?
View 10 Replies
View Related
Feb 10, 2011
Just spoke to the TAC and didn't get the information needed. When configuring ip dhcp snooping database I am adding this to my configuration:ip dhcp snooping database scp://dhcpsec@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt..I assumed that to do this I would either specify the password on the command line, similar to the way its done when using ftp/http, or that I would need to create a public/private key.I have enabled scp and can manually copy a file from the switch to the linux server. So I believe I have all the aaa commands correct. Cisco WS-C3560G-24PS System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE.bin".
View 3 Replies
View Related
Oct 8, 2012
i have a strange problem in my campus network.im trying to run port security on my access switches which they are 3550 with ios c3550-ipservicesk9-mz.122-52.SE when i run the port security with Sticky option, even i put 1000 mac address for just learning on the port but when i issue the switchport port-security command every pc connected to that port loses its connection with network UNTIL i enable dhcp snooping!!! all my client are getting they ip address from DHCP server but strange thing is that how on earth i have to enable DHCP snooping to port security work properly? also when i check the configuration under the interface when dhcp snooping is not yet enabled switch doesnt add any mac address under the interface so no one can work until i enable snooping and then switch adds mac addresses under the interface configuration.is this Bug on this version of IOS?[code]
View 4 Replies
View Related
Sep 24, 2012
we've an infrastructure were the Access is based on Cat3750G Stacks connected to both Cores using L3 connections.On the Access Switches are implemented the following features DHCP Snooping, IP Source Guard and Dynamic ARP Inspection and all is working fine since years...the DHCP Servers are on a dedicated stack which act as a SFarm.
On the Access Switches the port configuration is the following:the Uplink Ports to both of the Cores are configured in TRUST for DHCP Snooping and ARP Inspection the Access Ports, where the end-device are connected, are UNTRUST for DHCP and ARP Inspection with IP Source Guard Active Right now I've to add a new L2 switch on one of the Access Port and I'm wondering if this is possible since I've to keep on the Stack Access Ports all the security feature active and I've also to implement DHCP Snooping on the new L2 switch to avoid rouge DHCP Server...
I suppose that the uplink to the L2 switch on the Stack Access Switch should be left as it is connected to an end device...but the uplink port on the L2 switch should be set up as TRUST...isn'it? Keeping in mind that I want to implement DHCP Snooping also on this L2 switch to avoid that Rogue DHCP Servers will impact the end-device connected to this L2 switch...is this scenario possible??? or I can't do that and should leave DHCP Snooping only on the Access Stack.
View 2 Replies
View Related
Sep 14, 2010
I've configured ip dhcp snooping on several vlans I want to monitor and the binding table doesn't seem to be building.eature DHCP is on, global ip dhcp snooping is enabled, VLAN snooping is enabled on the vlan's I want to monitor and my trusted interfaces are also configured. Alas no binding entries in the table! 7K is running 4.2(6).
View 1 Replies
View Related
Sep 25, 2012
I need to apply DHCP snooping on 4500 series switches working as L2 in my Network. We have external DHCL Server in another location connected with 6500 series switch.
Running EIGRP Configured Voice & Data Vlan both
DHCP Server -------- 6509 switch<----------------------------------->6509 Switch -------- 4500 switch ----------------------------------------------------------Ip Phones.
(ving Redundant) (ving Redundant)
I need to know whether the configuration which I mentioned in scenario is enough for apply DHCP snooping in my network.
View 4 Replies
View Related
Feb 18, 2013
I configured port security on my 2960 switches with the following commands: [code]
The problem is that when I should change someone's PC, first I disable port-secirity, then I clear all the mac addresses learned on the interface, then I plug the new PC and enable port-security. The new PC couldn't connect to the network and it's mac address has not be learned on the interface. Why?Which commands should I use to clear an old mac address and enable port-security with the new mac address.
View 4 Replies
View Related
Jul 23, 2012
we have cisco 2960 switch which is connected to a cisco 2811 router. flapping issue between these two devices??
The following actions i have taken, but no result.. I have changed cables. have set speed to 100 and duplex full on both the interfaces but the interfaces are showing up up still not getting connectivity. same i have to auto on both sides still no result what configurations should i set to resolve this issue...?
View 10 Replies
View Related
Sep 27, 2012
how my switches are configured, a cisco 3750 and a cisco 4506.[code] i can ping the gateway from the 3750 however cannot get anything past that or enything to it.
View 12 Replies
View Related
Apr 23, 2012
I would like to know how many port channel can i configured in the switch 3750 X ? and if there is a limitation by IOS ?
View 4 Replies
View Related
Jul 5, 2012
I've recently purchased a Cisco catalyst 2960S-24TS-L & setup 3 V LANS 10 (no current IP),20 (192.168.2.1) and 30 (192.168.3.1) to reflect the router V LAN configuration & ip information. When connecting my PC to the switch to test connectivity on (2.1 & 3.1) I'm unable to connect to the the net but can successfully ping GW (int FE0.20 & FE0.30) 192.168.2.1 & 3.1.
The router is an Cisco 1801 & it seems this is where the configuration issue is but I'm unable to figure out how to complete the setup. It has been quite awhile since I've configured a Cisco router.
Ive never had this router connected to a switch so all router switch ports are in the default VLAN1 (192.168.1.2), with FE0 disabled. In trying to get the switch to communicate with the router I made the following router config modifications.
FE0 enabled with subinterfaces configured
FE0.10-currently no ip
FE0.20-192.168.2.1/27
FE0.30-192.168.3.1/27
I have two issues I want to resolve:
1) I do not know what additional steps are required to allow 2.1.& 3.1 V LANs to access the net.
2) I want to disable VLAN1 if possible & use the network IP for VLAN10 (192.168.1.0). I'm unsure how to do this as any change on VLAN1 immediately breaks router access and the router reconfiguration becomes more complicated with changes to the FW ACL etc.
View 2 Replies
View Related
Mar 5, 2012
Facing some DHCP issue. I got my laptop directly connected with Cisco 2960 switch. However it is not getting valid IP.
View 1 Replies
View Related
Jul 23, 2012
I have a cisco 3560 24PS and its connected to two ADSL broard band routers.one is a personal broadband line using a Billion ADSL broadband router, and the other is a business broardband line using BT's 2wire broadband line.on the Billion routers i have various things attached like a NAS and a printers, both wired connections. then i have laptops and phones that connect over wifi, so its configured to act as a DHCP server
the only thing conncted to my 2wire router is my company's laptop (wired or wifi depending on where i'm working from), so again i have it working as a dhcp server.The switch is configured with multiple vlans, with dhcp scopes assigned for each vlan.I have a static route pointing all traffic to my Billion ADSL for internet connectivity.
The problem i'm having is that when i turn on the cisco switch, all wifi conected devices loose their conection. only 2 things get it working again, a reboot of the router, or disabling then enabling the DHCP service on the router.upon further analysis i was able to find out that the devices were not able to pick up an address from the router. again i looked deeper into this and i can see the following on logs of my router: [code]
so it seems that the router tuns off its DHCP capabilities because it detects that my Cisco switch is running DHCP services. I need to figure out how to keep the billion routers DHCP running when ever the switch is turned on.is there a way of filtering out any DHCP chat from the switch to the router?
View 7 Replies
View Related
Nov 27, 2011
WE HAVE cISCO 2960 SWITCHES. this switch acts as a dhcp server for the hosts connected to it. Provided mac based binding to the hosts, with enabled dhcp snooping and IP source guard per interface.' I have a problem with single host couldnt get an ip from dhcp as he binded based on mac: manualip. Here is my config: We have a VLAN99, 70 hosts connected should get an ip based on mac
switch(2960<config>interface vlan99
# ip address 10.10.14.2 255.255.255.0(code)
The above host amit (10.10.14.31 swhould get this ip bindded with mac) but hez not getting manual ip i.e 10.10.14.31, but if an ip excluded from the dhcp free, he can get that ip i.e automatic ip . every other host are getting the ips as binded in the pool manual ip. Checked with
**sh mac-address table dynamic vlan 99 ()
**clear ip dhcp binding * or 10.10.14.31
** clear ip dhcp snooping binding
*** clear ip dhcp conflict *
Tried to change pool names. All these troubleshoot couldn't make me success in providing amit an manual ip.
View 10 Replies
View Related
Jan 3, 2012
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
View 3 Replies
View Related
Feb 10, 2013
I need to buy a cheap Cisco switch with DHCP server.Can you confirm that 2960-24-S, 2960-24TC-S and 2960-48TC-S be a DHCP server?
View 3 Replies
View Related
