Allied Telesis AT-8700XL Series, Rapier i Series Troubleshooting, No trusted ports configured

Page 20

Troubleshooting

Troubleshooting

Use the command enable dhcpsnooping debug=all to get the most verbose level of debugging available. In the following sections, all debugging comes from that command.

Let’s look at how you can use debugging to investigate some common problem scenarios.

No trusted ports configured

In the following output, you can see that a DHCP request has arrived at the switch on port 1. The switch does not forward this on to any other port.

DHCPSN_Process: [0b4333cc] DHCP Snooping pkt for VLAN 1

from port 1

 

DHCPSN_Process: [0b4333cc] Type: REQUEST

 

 

DHCPSN_Process: [0b4333cc] On DHCP Snooping non-trusted

port

 

DHCPSN_Process: [0b4333cc] DHCP Snoop forwarding pkt at

L2 for VLAN 1

InPort 1

DHCPSN_Process: [0b4333cc] L2 Dest MAC is broadcast

 

 

DHCPSN_Process: [0b4333cc] Type: REQUEST, L2 forward to

trusted ports

 

DHCPSN_Process: [0b4333cc] Forward ports (except 1)

 

 

DHCPSN_Process: [0b4333cc]

Tagged:None

 

 

DHCPSN_Process: [0b4333cc]

Untagged:None

 

 

 

 

 

 

The reason for this behaviour is because there are no trusted ports configured. Your DHCP server must be attached to a trusted port.

When a trusted port is configured, the debug shows a more complete conversation, as the following output shows.

Manager > set dhcpsnooping port=48 trusted=yes

Info (1137260): DHCP Snooping port(s) 48 updated successfully.

Manager >

 

 

 

DHCPSN_Process: [0b43a58c] DHCP Snooping pkt for VLAN 1

from port 1

 

DHCPSN_Process: [0b43a58c] Type: REQUEST

 

 

DHCPSN_Process: [0b43a58c] On DHCP

Snooping non-trusted

port

 

DHCPSN_Process: [0b43a58c] DHCP Snoop forwarding pkt at

L2 for VLAN 1

InPort 1

DHCPSN_Process: [0b43a58c] L2 Dest

MAC is broadcast

 

 

DHCPSN_Process: [0b43a58c] Type: REQUEST, L2 forward to

trusted ports

 

DHCPSN_Process: [0b43a58c] Forward

ports (except 1)

 

 

DHCPSN_Process: [0b43a58c]

Tagged:None

DHCPSN_Process: [0b43a58c]

Untagged:48

DHCPSN_Process: [0b43adac] DHCP Snooping pkt for VLAN 1 from port 48

DHCPSN_Process: [0b43adac] Type: REPLY

DHCPSN_Process: [0b43adac] On DHCP Snooping trusted port

DHCPSN_Process: [0b43adac] Lookup result for CHAddr 00-06-5b-31-14-af: Port 1

DHCPSN_Process: [0b43adac] DHCP Snoop forwarding pkt at L2 for VLAN 1 InPort 48

DHCPSN_Process: [0b43adac] L2 Dest MAC is broadcast

DHCPSN_Process: [0b43adac] Type: REPLY

DHCPSN_Process: [0b43adac] L2 forward using client port 1

DHCPSN_Process: [0b43adac] Forward ports (except 48)

DHCPSN_Process:

[0b43adac]

Tagged:None

DHCPSN_Process:

[0b43adac]

Untagged:1

Page 20 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

Image 20
Contents AlliedWareTM OS IntroductionThis document contains the following contents Dhcp snooping Related How To NotesMinimum configuration Database survival across reboots DatabaseDhcp snooping database time-out Verifying the status of snooped usersList of terms ARP SecurityStatic binding Trusted and non-trusted portsEnabling Dhcp snooping Completely removing the Dhcp snooping database So the database is emptyDhcp Option Dhcp Message Type = Dhcp Request Protocol detailsExample Packet Configuring Option AnalysisConfiguring filtering Dhcp filteringTo enable Dhcp snooping ARP security Dhcp snooping filter show commandARP security Resource considerationsExample on a Rapier If ARP security is enabled, addOr if ARP security is enabled, is Configuration examples Configure a private Vlan for customersEnable Dhcp snooping and Option 82 support Add the tagged uplink ports to the VlanAdd the untagged ports for the customers Define the Dhcp snooping trusted portsCreate a traffic class for all upstream flow groups Create a set of QoS classifiersDefine the upstream QoS flow groups Configure two VLANs for layer 3 access to the Dhcp server Add ports to the VLANsFor layer 3 support, enable the Bootp Relay Define the Dhcp snooping trusted portCreate a set of QoS classifiers Troubleshooting No trusted ports configuredDHCPSNProcess 0b4333cc Dhcp Snooping pkt for Vlan From port DHCPSNProcess 0b4333cc TaggedNone UntaggedNoneDhcp client continually sends requests instead of a discover Maximum number of leases is exceededDhcpsnarp 01a6f5ec ARP to be forwarded, sender validated Switch is dropping ARPsManager set dhcpsnooping port=3 maxleases=2 Dhcpsnarp 02680e6c ARP to be forwarded, sender validated Trusted portsShow log command is also very useful Displaying log entriesAppendix 1 ISC Dhcp server C613-16086-00 REV B