1

We have a Cisco Catalyst 4507R running IOS v12.2 that appears to be dropping valid DHCP requests. Checking for the requests using tcpdump on the DHCP server and on a machine connected to a monitoring port shows that only after 30s (and on the 8th request) does the request make it to the server.

The request packets do not appear to have any indicators that would trigger the DHCP control features on the switch that I know of, and are from U-Boot doing a network boot (but also show when other machines are booting).

Below is the DHCP snooping config on the switch. I do notice that the restrictions on hwaddr, giaddr and Option 82 are enabled, but these do not appear to be present/invalid in the offending packets.

bitumen>show ip dhcp snooping 
Switch DHCP snooping is disabled
DHCP snooping is configured on following VLANs:
none
DHCP snooping is operational on following VLANs:
none
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-port
   remote-id: 000b.fdd5.cf00 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------

(Edit: Further investigation suggests that it's not DHCP specifically being dropped, but some form of ~30s delay after the network before traffic is passed)

Mutabah
  • Is the client on the same vlan as the dhcp server, or are you using an ip helper-address? – sjw Dec 09 '12 at 11:53

2 Answers

3

It looks to me like portfast is not enabled on the appropriate switch ports.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00800b1500.shtml

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html

joeqwerty
  • Note that you should make a considered decision whether to enable portfast or tolerate the 30 second delay. You should generally not enable portfast if the port might ever get connected to a switch. – David Schwartz Dec 09 '12 at 22:31
  • On some recent Cisco switches this option can be found in "Spanning Tree => STP Interface Settings => Edit". Switch "Edge Port" to "Enabled" for every port not used to connect to another switch. – Tometzky Aug 11 '14 at 13:55
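
An added example (not from the original answers): a Python check that reads an IOS-style running-config and lists access ports that lack `spanning-tree portfast`, or that have it without `spanning-tree bpduguard enable`, which err-disables the port if a switch sends BPDUs into it and so covers the caveat in the comment above. The config text, interface names and finding codes are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the switch in the question).
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 description netboot client
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet2/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet2/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/1
 description uplink to distribution
 switchport mode trunk
!
"""

def audit_edge_ports(config):
    """Map each access port to a finding code; compliant ports are omitted."""
    # Global defaults apply PortFast / BPDU guard to every access port.
    g_portfast = bool(re.search(r"^spanning-tree portfast default$", config, re.M))
    g_bpduguard = bool(re.search(r"^spanning-tree portfast bpduguard default$", config, re.M))
    findings = {}
    # One match per interface stanza: header line plus its indented body lines.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        name = m.group(1)
        lines = [line.strip() for line in m.group(2).splitlines()]
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks keep normal spanning-tree behaviour
        portfast = g_portfast or "spanning-tree portfast" in lines
        bpduguard = g_bpduguard or "spanning-tree bpduguard enable" in lines
        if not portfast:
            # Port sits in listening/learning (2 x 15 s by default) after link-up.
            findings[name] = "NO_PORTFAST"
        elif not bpduguard:
            # Port forwards immediately but is not shut down if BPDUs arrive.
            findings[name] = "PORTFAST_NO_BPDUGUARD"
    return findings

if __name__ == "__main__":
    for port, code in audit_edge_ports(SAMPLE_CONFIG).items():
        print(port, code)
```
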
1

Have you checked that the port is actually up before the 30-second limit? What else is happening in those 30 seconds?

I'm not a Cisco user, but in general there might be things like spanning tree taking their time before enabling the port.

Theuni