-
1. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Steven Williams Jun 20, 2012 8:04 AM (in response to Mike)What is the configuration of the switch ports?
-
2. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Steven Williams Jun 20, 2012 8:21 AM (in response to Steven Williams)make sure all your trunk ports to the DHCP server are trusted.
-
3. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Mike Jun 21, 2012 6:24 AM (in response to Steven Williams)Now
=================
interface FastEthernet2/0/44
switchport access vlan 100
switchport mode access
mls qos trust dscp
storm-control broadcast level 5.00
storm-control action trap
spanning-tree portfast
ip dhcp snooping trust
Before though
=================
interface FastEthernet2/0/44
switchport access vlan 100
switchport mode access
mls qos trust dscp
storm-control broadcast level 5.00
storm-control action trap
spanning-tree portfast
-
4. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Mike Jun 20, 2012 10:52 AM (in response to Mike)I should also note, there is nothing in the logs of the switch saying dhcp_snooping is blocking anything. Also once the access ports the AP's are on were trusted, they were able to get their normal dhcp reservation.
-
5. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Steven Williams Jun 20, 2012 11:08 AM (in response to Mike)Where is your DHCP addressing coming from? The 3750 itself? Or another server? What does your ingress trunk ports look like?
-
6. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Mike Jun 20, 2012 11:46 AM (in response to Steven Williams)We have 3 seperate DHCP Servers. We don't use the switches as the DHCP server.
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-15,26,27,33,100,101,254,301,308,309,319,327
switchport trunk allowed vlan add 399,700,720,820,888,889,900,999
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
storm-control broadcast level 5.00
storm-control action trap
ip dhcp snooping trust
-
7. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Steven Williams Jun 20, 2012 12:23 PM (in response to Mike)Can you do a show vlan br and a show int trunk
Also this is configured on your trunk ports leading to the DHCP server? I run DHCP snooping in over 50 locations with DHCP enabled AP's and do not have any issues. Are you using a controller? If so what model? Do you have any ACL's?
-
8. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Mike Jun 21, 2012 6:23 AM (in response to Steven Williams)The controller we are testing on right now is a cisco 5508.
No ACL's.
show int trunk
===============
3750-1#show int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999
Port Vlans allowed on trunk
Gi1/0/1 1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999Port Vlans allowed and active in management domain
Gi1/0/1 1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1-15,26-27,33,100-101,254,301,308-309,319,327,399,700,720,820,888-889,900,999show vlan br (only showing the LWAP vlan)
===============
100 V100-LWAP active Fa2/0/39, Fa2/0/40, Fa2/0/41, Fa2/0/42,
Fa2/0/43, Fa2/0/44, Fa2/0/45, Fa2/0/46
Basically we have a 5508 controller connected to our 6500 core. Turned on DHCP snooping. Upgraded Controller code and ap code. When the controller and AP's rebooted they were unable to get their DHCP reservations. Added the AP access ports as trusted ports like the above example f2/0/44 and then they got their dhcp reservations.
-
9. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Steven Williams Jun 21, 2012 6:40 AM (in response to Mike)My setup is very similar. My 5508's are plugged into my core 6500, but I am not running dhcp snooping on my core, because my AP's are not plugged into that device. Take a look at my diagram. Its not very complicated at all. See if it helps. Otherwise I would need some more specifics to lab it up at my desk and see if I can replicate the problem
-
10. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Mike Jun 21, 2012 10:05 AM (in response to Steven Williams)Ya, our core ports aren't running dhcp snooping either. Just the uplink trunk ports from the core to our edge switches.
-
11. Re: DHCP Snooping on Cisco 3750X Blocks Access Point DHCP Request
Steven Williams Jun 21, 2012 10:21 AM (in response to Mike)The trust command only needs to be configured on the inbound trunk port on the switch where the AP is attached. So in your case...the trunk interface on your access switch that goes to the core.