DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Up to Discussions in Wireless (CCNA Wireless)

2726 Views 11 Replies Latest reply: Jun 21, 2012 10:21 AM by Steven Williams

Currently Being Moderated

DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Jun 20, 2012 6:46 AM

Mike Jamrog

80 posts since
Apr 18, 2010

It appears that DHCP Snooping turned on, on our 3750x switches is blocking access ports for our Wireless Access Points.

My question is why? How are these any different then a pc plugged into an access port in a vlan requesting a DHCP reservation?

The access point ports are not trusted and when they are rebooted they do not receive their DHCP reservation.

However when the ports are trusted they do.

Thanks,

Mike

Like (0)

Tags: trusted, dhcp_snooping, dhcp, wireless, ap, access_point

Steven Williams
3,126 posts since
Jan 26, 2009

Currently Being Moderated

1. Jun 20, 2012 8:04 AM (in response to Mike Jamrog)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

What is the configuration of the switch ports?

Report Abuse

Like (0)
Steven Williams
3,126 posts since
Jan 26, 2009

Currently Being Moderated

2. Jun 20, 2012 8:21 AM (in response to Steven Williams)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

make sure all your trunk ports to the DHCP server are trusted.

Report Abuse

Like (0)
Mike Jamrog
80 posts since
Apr 18, 2010

Currently Being Moderated

3. Jun 21, 2012 6:24 AM (in response to Steven Williams)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Now
=================
interface FastEthernet2/0/44
switchport access vlan 100
switchport mode access
mls qos trust dscp
storm-control broadcast level 5.00
storm-control action trap
spanning-tree portfast
ip dhcp snooping trust

Before though
=================
interface FastEthernet2/0/44
switchport access vlan 100
switchport mode access
mls qos trust dscp
storm-control broadcast level 5.00
storm-control action trap
spanning-tree portfast

Report Abuse

Like (0)
Mike Jamrog
80 posts since
Apr 18, 2010

Currently Being Moderated

4. Jun 20, 2012 10:52 AM (in response to Mike Jamrog)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

I should also note, there is nothing in the logs of the switch saying dhcp_snooping is blocking anything. Also once the access ports the AP's are on were trusted, they were able to get their normal dhcp reservation.

Report Abuse

Like (0)
Steven Williams
3,126 posts since
Jan 26, 2009

Currently Being Moderated

5. Jun 20, 2012 11:08 AM (in response to Mike Jamrog)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Where is your DHCP addressing coming from? The 3750 itself? Or another server? What does your ingress trunk ports look like?

Report Abuse

Like (0)
Mike Jamrog
80 posts since
Apr 18, 2010

Currently Being Moderated

6. Jun 20, 2012 11:46 AM (in response to Steven Williams)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

We have 3 seperate DHCP Servers. We don't use the switches as the DHCP server.

switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-15,26,27,33,100,101,254,301,308,309,319,327
switchport trunk allowed vlan add 399,700,720,820,888,889,900,999
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
storm-control broadcast level 5.00
storm-control action trap
ip dhcp snooping trust

Report Abuse

Like (0)
Steven Williams
3,126 posts since
Jan 26, 2009

Currently Being Moderated

7. Jun 20, 2012 12:23 PM (in response to Mike Jamrog)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Can you do a show vlan br and a show int trunk

Also this is configured on your trunk ports leading to the DHCP server? I run DHCP snooping in over 50 locations with DHCP enabled AP's and do not have any issues. Are you using a controller? If so what model? Do you have any ACL's?

Report Abuse

Like (0)
Mike Jamrog
80 posts since
Apr 18, 2010

Currently Being Moderated

8. Jun 21, 2012 6:23 AM (in response to Steven Williams)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

The controller we are testing on right now is a cisco 5508.
No ACL's.

show int trunk
===============
3750-1#show int trunk
Port        Mode             Encapsulation Status        Native vlan
Gi1/0/1     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999

Port        Vlans allowed on trunk
Gi1/0/1     1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999
Port        Vlans allowed and active in management domain
Gi1/0/1     1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999

show vlan br (only showing the LWAP vlan)
===============
100 V100-LWAP                        active    Fa2/0/39, Fa2/0/40, Fa2/0/41, Fa2/0/42,
                                                              Fa2/0/43, Fa2/0/44, Fa2/0/45, Fa2/0/46

Basically we have a 5508 controller connected to our 6500 core. Turned on DHCP snooping. Upgraded Controller code and ap code. When the controller and AP's rebooted they were unable to get their DHCP reservations. Added the AP access ports as trusted ports like the above example f2/0/44 and then they got their dhcp reservations.

Report Abuse

Like (0)
Steven Williams
3,126 posts since
Jan 26, 2009

Currently Being Moderated

9. Jun 21, 2012 6:40 AM (in response to Mike Jamrog)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

My setup is very similar. My 5508's are plugged into my core 6500, but I am not running dhcp snooping on my core, because my AP's are not plugged into that device. Take a look at my diagram. Its not very complicated at all. See if it helps. Otherwise I would need some more specifics to lab it up at my desk and see if I can replicate the problem

Attachments:

New Microsoft Office Visio Drawing.jpg (70.3 K)

Report Abuse

Like (0)
Mike Jamrog
80 posts since
Apr 18, 2010

Currently Being Moderated

10. Jun 21, 2012 10:05 AM (in response to Steven Williams)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Ya, our core ports aren't running dhcp snooping either. Just the uplink trunk ports from the core to our edge switches.

Report Abuse

Like (0)
Steven Williams
3,126 posts since
Jan 26, 2009

Currently Being Moderated

11. Jun 21, 2012 10:21 AM (in response to Mike Jamrog)
Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

The trust command only needs to be configured on the inbound trunk port on the switch where the AP is attached. So in your case...the trunk interface on your access switch that goes to the core.

Report Abuse

Like (0)

Go to original post

Actions

Register / Login to Access Content & Participate in the Community
Learn More About
The Cisco Learning Network
View print preview

_Communities

DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request

Jun 20, 2012 6:46 AM

Actions

More Like This

Bookmarked By (0)