RE: [cisco-ttl] dhcp snooping

From: Cihan Akgun <cihan.akgun_at_....>
Date: Mon, 27 Oct 2008 12:39:26 +0200


Hello Cagatay,

I unplugged the test computer and plugged it back in, and got the output below.

Switch#debug ip dhcp snooping event
DHCP Snooping Event debugging is on
Switch#

4d22h: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
4d22h: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
4d22h: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
4d22h: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
4d22h: DHCP_SNOOPING: checking expired snoop binding entries

Switch#sh ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 1-30,32-33,80
Insertion of option 82 is enabled

   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled

Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
GigabitEthernet0/48          yes         100

Switch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
Total number of bindings: 0

Switch#show ip dhcp snooping database
Agent URL : tftp://10.34.2.64
Write delay Timer : 300 seconds
Abort Timer : 300 seconds

Agent Running : No
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running

Last Succeded Time : None
Last Failed Time : 01:54:58 GMT+2 Wed Mar 3 1993
Last Failed Reason : Unable to access URL.

Total Attempts       :       20   Startup Failures :       20
Successful Transfers :        0   Failed Transfers :       20
Successful Reads     :        0   Failed Reads     :        0
Successful Writes    :        0   Failed Writes    :        0
Media Failures       :        0

From: cisco-ttl_at_yahoogroups.com [mailto:cisco-ttl_at_yahoogroups.com] On Behalf Of Cagatay Avsar
Sent: Monday, October 27, 2008 9:39 AM
To: cisco-ttl_at_yahoogroups.com
Subject: Re: [cisco-ttl] dhcp snooping

Hello Cihan,

The configuration looks correct, unless I have missed something. If you send the output of
show ip dhcp snooping
show ip dhcp snooping statistics
and also the "debug ip dhcp snooping" output captured while testing, I think we can work out the cause of the problem...

Regards
Cagatay Avsar

On Fri, Oct 24, 2008 at 9:41 AM, Cihan Akgun <cihan.akgun_at_zaman.com.tr> wrote:

> Hello,
>
> For security reasons I want to enable DHCP snooping on the internal edge
> switches at the company. I tried a number of test configurations but did not
> get a result. To explain the setup: there are 2 core switches running
> redundantly with HSRP, and on them there are VLAN interfaces for about 40
> VLANs. The DHCP server is inside one of these VLANs, and on the core switches
> I defined the DHCP server with the ip helper address command under the VLAN
> interfaces. All users on the edge switches can get an IP address regardless
> of which VLAN they are in. I then connected a 3560G test switch to the core
> switch with trunk links. I configured port gi0/48 of the test switch as a
> trunk. Then I applied the configuration below, but the users on this switch
> could not get an IP address.
>
> 3560G configuration
>
> ip dhcp snooping vlan 1-35
> ip dhcp snooping
> !
> !
> !
> errdisable recovery cause psecure-violation
> errdisable recovery interval 30
> !
> interface GigabitEthernet0/1
> description test-client
> switchport access vlan 14
> switchport mode access
> switchport port-security
> switchport port-security aging time 1
> switchport port-security violation restrict
> !
> interface GigabitEthernet0/48
> desc uplink
> switchport trunk encapsulation dot1q
> switchport mode trunk
> ip dhcp snooping trust
>
> Apart from the configuration above I have not made any other settings. I
> would appreciate it if you could help.
>
> Thanks in advance
>
> Cihan Akgun
>

--
Cagatay AVSAR
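
An added example, not part of either poster's message: Python that parses the three show-command outputs quoted in this thread and summarises the snooping state for the client's access VLAN (14). The sample strings are abridged copies of the output above; the function and key names are assumptions made for this example.

```python
import re

# Constructed sample: abridged copies of the command output quoted in the thread.
SNOOPING = """Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 1-30,32-33,80
Insertion of option 82 is enabled
GigabitEthernet0/48          yes         100
"""
BINDING = "Total number of bindings: 0\n"
DATABASE = """Agent URL : tftp://10.34.2.64
Last Failed Reason : Unable to access URL.
Total Attempts       :       20   Startup Failures :       20
Successful Transfers :        0   Failed Transfers :       20
"""

def expand_vlans(spec):
    """Turn a VLAN list such as '1-30,32-33,80' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def field(text, name):
    """Return the integer that follows 'name :' in a counter line, or None."""
    m = re.search(re.escape(name) + r"\s*:\s*(\d+)", text)
    return int(m.group(1)) if m else None

def audit(snooping, binding, database, access_vlan):
    """Summarise the snooping state relevant to one access VLAN."""
    m = re.search(r"configured on following VLANs:\s*(\S+)", snooping)
    vlans = expand_vlans(m.group(1)) if m else set()
    trusted = re.findall(r"^(\S+)\s+yes\s+\S+", snooping, re.M)
    reason = re.search(r"Last Failed Reason\s*:\s*(.+)", database)
    return {
        "globally_enabled": "Switch DHCP snooping is enabled" in snooping,
        "vlan_snooped": access_vlan in vlans,
        "option82_insertion": "Insertion of option 82 is enabled" in snooping,
        "trusted_ports": trusted,
        "bindings": field(binding, "Total number of bindings"),
        "db_ok": field(database, "Successful Transfers"),
        "db_failed": field(database, "Failed Transfers"),
        "db_reason": reason.group(1).strip() if reason else None,
    }

if __name__ == "__main__":
    for key, value in audit(SNOOPING, BINDING, DATABASE, access_vlan=14).items():
        print(f"{key}: {value}")
```

On the output in this thread it reports VLAN 14 as snooped, Gi0/48 as the only trusted port, zero bindings, and 20 failed database transfers with the reason "Unable to access URL."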

Received on Mon Oct 27 2008 - 14:14:30 CET

This archive was generated by hypermail 2.2.0 : Mon Oct 27 2008 - 14:14:31 CET