Dear Team.
I am stuck in DHCP snooping scenario. As i use to enable DHCP-Snooping on the switches, the PABX stops to give ip addresses to the IP phones.
PABX is connected with Server farm switch with VLAN 20 for voice. I enabled VLAN base DHCP-snooping on this switch and trusted the port on which the PABX is connected (1/1/10). Configuration on server switch for DHCP-Snooping as per below:
vlan 20 members port 1/1/10 untagged
dhcp-snooping vlan 20 admin-state enable
dhcp-snooping binding admin-state disable
dhcp-snooping linkagg 1 trust
Core Switch Configuration:
dhcp-snooping vlan 20 admin-state enable
dhcp-snooping binding admin-state disable
dhcp-snooping linkagg 1 trust \\connected to server switch
Distribution Switch Configuration
dhcp-snooping vlan 20 admin-state enable
dhcp-snooping binding admin-state disable
dhcp-snooping linkagg 1 trust \\connected to Core switch switch
Access Switch Configuration
dhcp-snooping vlan 20 admin-state enable
dhcp-snooping binding admin-state disable
dhcp-snooping linkagg 1 trust \\connected to Distribution switch switch
Guide me where i did mistake in the configuration or how can i more secure the LAN network with L2 DCHP-Snooping configuration.
PABX (1/1/20) --- Server Switch (0/1) --- Core Switch (0/1) Distribution Switch --- (0/1) Access switch (1/1/1 -10) Ip Phones
I had attached the diagram for your further reference so it would be easy for you guys to give me a suitable solution.
Hi! - I moved the server over the week end to handle the daily incoming connections (about 200K/day) but it looks like I aimed too low for the resources. I'm going to have to move this server (hopefully for the last time) this week. I'm sorry for the interruption.
DHCP Snooping Setup
Re: DHCP Snooping Setup
Hi!
Your diagram is missing, but from the information you posted, it looks like you are missing dhcp-snooping port 1/1/10 trust on the server switch
Your diagram is missing, but from the information you posted, it looks like you are missing dhcp-snooping port 1/1/10 trust on the server switch
Re: DHCP Snooping Setup
Hi,
Sorry for that.
I had configured port trust on Server Farm switch. but still facing the issue.
Is the configuration fine that i had done.
Do i need to configure DAI also along with DHCP-Snooping.
Sorry for that.
I had configured port trust on Server Farm switch. but still facing the issue.
Is the configuration fine that i had done.
Do i need to configure DAI also along with DHCP-Snooping.
Re: DHCP Snooping Setup
Then try re-enabling the binding table on all switches. I never disable it when I implement dhcp-snooping (it's on by default I believe).
Re: DHCP Snooping Setup
I don't see any miss config. Important to trust the ports/lag to the dhcp server. This you have done. Also correct that dhcp binding should be enabled.
With your config dhcp server should work. I seldom use it per vlan - normaly you can activate dhcp snooping global.
But what do you expect from your config? Only to avoid wrong dhcp server? Or also to protect against ARP spoofing attack?
BR Silvio
With your config dhcp server should work. I seldom use it per vlan - normaly you can activate dhcp snooping global.
But what do you expect from your config? Only to avoid wrong dhcp server? Or also to protect against ARP spoofing attack?
BR Silvio
