Saturday, January 5, 2019

dhcp-snooping nuisance - unauthorized server 0.0.0.0

Hi

I am battling a nuisance on an HP core switch with dhcp snooping syslog messages indicating an unauthorized server 0.0.0.0

00854 dhcp-snoop: backplane: Unauthorized server 0.0.0.0 detected on port ...

I believe it's linked to a Windows 7 client problem described here: https://community.extremenetworks.com/extremeswitching-exos-223284/dhcp-snooping-false-positives-5899530 - basically a client is sending an offer packet rather than an acknowledgement/request.

There is no impact on the network as far as I can tell as no issues with IP assignment were reported.

Still it is my task to get it ironed out.

Now the complication is that the only information in the syslog is what port these packets are coming on - and these are trunks to distribution switches which have no dhcp snooping enabled so the trail stops there.

If that was on an access switch - the port information would allow me to identify the machines or some such. Sadly as it is it seems I need a "creative" solution to be able to track down machines which are doing this to get the IT to slap on a hotfix or some such. Hoping I'll find it here :-)

Cheers



No comments:

Post a Comment