We're having a really hard time wrapping our heads around our DHCP Snooping issues with our 9300 switches. Long story short, our IP phones are unable to receive a DHCP IP address when snooping is turned on. Once we disable DHCP snooping, the phone immediately gets an IP address and works properly. All of our 3850 switches are configured with DHCP snooping and we have never had any issues.
Here's our DHCP Snooping config on our lab switch:
ip dhcp snooping vlan 26-27,249
ip dhcp snooping
interface GigabitEthernet1/0/48
switchport mode trunk
ip dhcp snooping trust
We have our lab switch config as bare bones as you can get. ISE is not configured on it at all.
I have tried all of the following versions of code with no luck:
-Everest 16.6.3
-Everest 16.6.5
-Everest 16.6.6
-Fuji 16.9.3
-Fuji 16.9.4
TAC seems to still be scratching their heads. We're surprised that this doesn't seem to be a wider issue with other customers. I've found many Cisco forum posts about users experiencing this issue but without any clear direction to a solution.
We've taken a packet capture with DHCP snooping on and it shows during the DHCP 'handshake' that only Discover and Offer are transmitted. The Request and ACK portion of the 'handshake' never come through. Once I turn DHCP snooping off, we can then see the full four step Discover, Offer, Request, ACK.
Has anyone found a solution?
No comments:
Post a Comment