Monday, June 14, 2021

DHCP snooping and ARP inspection issues on Cisco switches

Recently set up DHCP snooping, ARP inspection, and IP source guard on our core switch. Our network is a collapsed core setup, so just a core switch and access switches underneath that. We have 2 user VLANs. One is a BYOD network (VLAN 100) and one is a network with regular clients and also thin clients that pull images from our servers (VLAN 101). Everything is working fine on VLAN 100, but VLAN 101 is having issues. After putting these changes in place, devices can no longer reach the DHCP server. Thin clients will not pull images and regular clients lose all connectivity.

Used the following commands:

ip dhcp snooping vlan 100, 101
ip arp inspection vlan 100, 101
ip dhcp snooping trust (on all trunks)
ip arp inspection trust (on all trunks)
no ip dhcp information option
ip verify source vlan dhcp-snooping (on all access ports)

When troubleshooting this, the first thing I took off was source guard, and that did not fix the issue, so I do not think that was the problem. I then took off DHCP snooping and ARP inspection together and that fixed the problem.

Does anyone know why I would only have issues with this on one VLAN, or something else I should look at or try? The BYOD VLAN has snooping, DAI, and source guard all enabled and working fine with no issue.


