Yes, it doesn't matter which one, as soon as I remove global snooping settings from either one of them, DHCP client starts receiving DHCP packets and getting IP address. Unfortunately both switches are used by a high number of clients and removing IP dhcp snooping even from a single switch would outweigh the benefits of being able to fully use DHCP. I was thinking that perhaps I am missing something simple as it seems rather odd that I couldn't configure dhcp snooping between multiple switches without being able to make some exceptions for specific ports or VLANS. Both dhcp server and client reside within the same VLAN.
All of the DHCP clients within the same switch on which DHCP server resides are able to receive DHCP snooping even without it being turned off. I am starting to think that something is being added on the uplink packets that are leaving the switch.
This is a pretty basic representation of DHCP snooping settings on switches:
SW1:
#(conf) ip dhcp snooping (general dhcp snooping settings)
#(conf) ip dhcp snooping vlan 505 (I am telling it to target this vlan)
#(dhcp server port) ip dhcp snooping trust
#(port-channel to router) ip dhcp snooping trust
SW2:
#(conf) ip dhcp snooping (general dhcp snooping settings)
#(conf) ip dhcp snooping vlan 505 (I am telling it to target this vlan)
#(dhcp client port) ip dhcp snooping trust (it shouldn't really need this but, for debugging sake)
#(port-channel to router) ip dhcp snooping trust
I tried various combinations. I am starting to believe that it might be due to some optional 82 setting with DHCP packets even though I don't see any config enabled on either of the switches or router. However I am only guessing. I have seen this problem on Cisco switches, but the solution for it was to specifically for cisco.
It is not router fault. I created a lab environment out of two S4810 switches connected directly to each other and encountered the same problem under the same circumstances.
Switch under which DHCP server is connected presents with these errors.
%DHCP-6-DHCPNOGIADDR: DHCP: DHCP message from server((null)) has no giaddr present - repeated 482
I think the circumstances of the error are explained in this forum even if it's for cisco:
"DHCP renewal packets are sent with option82 that causes "DHCP-6-DHCPNOGIADDR" messages to be generated when server replies. When client sends a DHCP renewal packet, relay agent sets its option 82 field without setting the giaddr field. When such request is received, server stips the option 82 and replies back with the giaddr not set. On such reply, relay agent throws the error message and drop the packet."
Which would be weird since there is no settings for option 82 enabled or DHCP relay. Isn't there anyone who encountered this issue when using multiple switches with DHCP snooping on?
And on why it works if either of the switches have IP DHCP snooping disabled is probably because if you disable IP dhcp snooping on server side sw the DHCP reply packet won't be messed up and client side sw probably accepts it normally. If you disable it on the client side sw the switch simply does not check the packet for correctness and allows it to pass through to the client server.
AndriusLi
1 Rookie
•
24 Posts
0
September 29th, 2017 14:00
Yes, it doesn't matter which one, as soon as I remove global snooping settings from either one of them, DHCP client starts receiving DHCP packets and getting IP address. Unfortunately both switches are used by a high number of clients and removing IP dhcp snooping even from a single switch would outweigh the benefits of being able to fully use DHCP. I was thinking that perhaps I am missing something simple as it seems rather odd that I couldn't configure dhcp snooping between multiple switches without being able to make some exceptions for specific ports or VLANS. Both dhcp server and client reside within the same VLAN.
All of the DHCP clients within the same switch on which DHCP server resides are able to receive DHCP snooping even without it being turned off. I am starting to think that something is being added on the uplink packets that are leaving the switch.
This is a pretty basic representation of DHCP snooping settings on switches:
SW1:
#(conf) ip dhcp snooping (general dhcp snooping settings)
#(conf) ip dhcp snooping vlan 505 (I am telling it to target this vlan)
#(dhcp server port) ip dhcp snooping trust
#(port-channel to router) ip dhcp snooping trust
SW2:
#(conf) ip dhcp snooping (general dhcp snooping settings)
#(conf) ip dhcp snooping vlan 505 (I am telling it to target this vlan)
#(dhcp client port) ip dhcp snooping trust (it shouldn't really need this but, for debugging sake)
#(port-channel to router) ip dhcp snooping trust
I tried various combinations. I am starting to believe that it might be due to some optional 82 setting with DHCP packets even though I don't see any config enabled on either of the switches or router. However I am only guessing. I have seen this problem on Cisco switches, but the solution for it was to specifically for cisco.
supportforums.cisco.com/.../2189599
This is what I get from switch on which I keep my DHCP server when my client requests for DHCP and is unable to receive it.
%STKUNIT0-M:CP %DHCP-6-DHCPNOGIADDR: DHCP: DHCP message from server((null)) has no giaddr present - repeated 6 times
AndriusLi
1 Rookie
•
24 Posts
0
October 2nd, 2017 04:00
Checked how packets go from DHCP server up to the client and noticed the location at which the packet is dropped and never reaches client.
Request packet:
Client server -> SW2 -> Router -> SW1 -> DHCP server
Reply packet:
DHCP server -> SW1 -> Router -> SW2 (It reaches client server switch but never reaches the client itself, it is dropped)
AndriusLi
1 Rookie
•
24 Posts
0
October 2nd, 2017 09:00
Hi, thanks for your suggestions.
It is not router fault. I created a lab environment out of two S4810 switches connected directly to each other and encountered the same problem under the same circumstances.
Switch under which DHCP server is connected presents with these errors.
%DHCP-6-DHCPNOGIADDR: DHCP: DHCP message from server((null)) has no giaddr present - repeated 482
I think the circumstances of the error are explained in this forum even if it's for cisco:
"DHCP renewal packets are sent with option82 that causes "DHCP-6-DHCPNOGIADDR" messages to be generated when server replies. When client sends a DHCP renewal packet, relay agent sets its option 82 field without setting the giaddr field. When such request is received, server stips the option 82 and replies back with the giaddr not set. On such reply, relay agent throws the error
message and drop the packet."
https://community.spiceworks.com/topic/626273-need-help-on-a-switch-log-regarding-dhcp
Which would be weird since there is no settings for option 82 enabled or DHCP relay. Isn't there anyone who encountered this issue when using multiple switches with DHCP snooping on?
And on why it works if either of the switches have IP DHCP snooping disabled is probably because if you disable IP dhcp snooping on server side sw the DHCP reply packet won't be messed up and client side sw probably accepts it normally. If you disable it on the client side sw the switch simply does not check the packet for correctness and allows it to pass through to the client server.
murmanov
1 Rookie
•
62 Posts
0
February 7th, 2018 01:00
Hello, Andrius, did you figure out how to solve this issue? Looks like I have similar issue, but switch is different (Force10 MXL).
https://www.dell.com/community/Networking/Force10-MXL-10-40-dhcp-snooping-issue/td-p/5792408/jump-to/first-unread-message