Servers could not obtain an IP address from the DHCP server after ip dhcp snooping was enabled.

The topology

dhcp1.png

On SW, ip dhcp snooping is enabled on VLAN 999, to which Linux-Lubuntu and Linux-Kali belong.

Problem

After ip dhcp snooping was enabled on SW, Linux-Lubuntu and Linux-Kali could no longer get an IP address from dhcp.

Cause

ip dhcp snooping information option is enabled globally on SW by default. This means that, by default, SW acts like a DHCP relay agent by inserting option 82 into client requests. However, SW does not seem to set giaddr to a non-zero value, and hence dhcp drops the request.
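The condition described above can be checked on a captured DHCP payload. The following is an added example, not code from the original post: it parses the BOOTP header and options and flags a request that carries option 82 while giaddr is still 0.0.0.0. The function names, the MAC address, the transaction ID and the circuit-id bytes are constructed for the demonstration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of DHCP options
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255

def parse_dhcp(payload: bytes):
    """Return (giaddr, options dict) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    giaddr = ipaddress.IPv4Address(payload[24:28])   # giaddr is at offset 24
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:               # pad has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return giaddr, options

def untrusted_relay_info(payload: bytes) -> bool:
    """True when option 82 is present but giaddr is still 0.0.0.0."""
    giaddr, options = parse_dhcp(payload)
    return OPT_RELAY_INFO in options and int(giaddr) == 0

def build_discover(giaddr="0.0.0.0", relay_info=b""):
    """Constructed DHCPDISCOVER for the demo (MAC and xid are made up)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0, 0x12345678, 0, 0x8000, bytes(4), bytes(4), bytes(4),
        ipaddress.IPv4Address(giaddr).packed,
        bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, 1])              # option 53: message type = DISCOVER
    if relay_info:
        opts += bytes([OPT_RELAY_INFO, len(relay_info)]) + relay_info
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])

# Option 82 holding one circuit-id sub-option (code 1); value is constructed
CIRCUIT_ID = bytes([1, 6, 0, 4, 0x03, 0xE7, 0, 1])

if __name__ == "__main__":
    print("option 82 inserted:", untrusted_relay_info(build_discover(relay_info=CIRCUIT_ID)))
    print("option 82 disabled:", untrusted_relay_info(build_discover()))
```

The first case is the request as SW forwards it with the default setting; the second is the same request once the information option is disabled.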

Solution

  1. Disable ip dhcp snooping information option on SW in global configuration.
  2. Enable ip dhcp relay information trusted on interface e0/0 of dhcp.