Problem with DHCP Snooping and Option 82 (Resolve)

  • 1
  • Idea
  • Updated 5 months ago
Hi team!
I test DHCP Snooping on switches ICX7250 and ICX7150 (hw ver. 8.0.9). DHCP-Server was Cisco switch.

I configured DHCP Snooping according to manual:
    enable acl-per-port-per-vlan
    ip dhcp snooping vlan 100
   interface lag 1
    dhcp snooping trust

Clients on untrusted ports didn't get ip addresses from DHCP-Server.
All because DHCP option 82 is enabled on ICX by default and switch addes it to requests. But Cisco switch doesn't understand this requests.

Debug log from ICX7250:
    DHCP: snooping on for vlan 100, port 1/1/1
    DHCP: rcv on port 1/1/1, intercept DHCP pkt, Request
    DHCP: snooping on port 1/1/1, smac 10e7.c6e5.4d01, type 3, VRF default-vrf>10e7.c6e5.4d01
    DHCP Option82: Adding option 82
    DHCP Option82: 20 bytes added.
    DHCP Option82: Adding option 82

Debug log from Cisco switch (DHCP-server):
    DHCPD: Reload workspace interface Vlan100 tableid 0.
    DHCPD: tableid for on Vlan100 is 0
    DHCPD: client's VPN is .
    DHCPD: inconsistent relay information.
    DHCPD: relay information option exists, but giaddr is zero.

I disabled DHCP option 82 and it's started work normally:
    (config)#ip dhcp snooping relay information disable
        or on interface
    (config-if-e1000-1/1/1)#no ip dhcp snooping relay information

Maybe anybody knows another way to resolve this problem.
Photo of Nik Kul

Nik Kul

  • 13 Posts
  • 1 Reply Like

Posted 5 months ago

  • 1
Photo of Robert Placencia

Robert Placencia

  • 5 Posts
  • 0 Reply Likes
option 82 is known to cause issues and it is recommended to disable it.  Even on my 99% cisco network, the "no ip dhcp snooping information option" is a part of our standard configuration.