Hi,
We have set up DHCP snooping with option 82 insertion to authenticate clients based on their vlan-id. Sometimes DHCPOFFER requests fail to make it back to the client, as the switch thinks the opt82 data is not local. This seems wrong, as the opt82 dumps according to the switch for both the insertion and the DHCPOFFER (from the DHCP server) are identical. (The opt82 “remote-id” MAC address matches the switch MAC address and the circuit-ids are also identical.)
This leaves me with two possibilities: either the MT is corrupting the DHCP offer in some way, or the Cisco IOS is faulty? I think it's the MT, as sometimes when I clear out the lease (in offered state) manually on the MT the next DHCP attempt works ok. Also, turning on “Always Broadcast” generally means that no clients can connect.
Any suggestions (The timing is out a few seconds in the logs below)?
Cisco switch:
Nov 26 16:08:08.375 ACDT: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/9)
Nov 26 16:08:08.375 ACDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER
Nov 26 16:08:08.375 ACDT: DHCP_SNOOPING: add relay information option.
Nov 26 16:08:08.379 ACDT: DHCP_SNOOPING_SW: Encoding opt82 in vlan-mod-port format
Nov 26 16:08:08.379 ACDT: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x67 0x0 0x8 0x2 0x8 0x0 0x6 0x0 0x16 0x9D 0x5 0xB9 0x80
Nov 26 16:08:08.379 ACDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (103)
Nov 26 16:08:08.383 ACDT: DHCP_SNOOPING_SW: bridge packet send packet to port: FastEthernet0/3.
Nov 26 16:08:09.387 ACDT: DHCP_SNOOPING: received new DHCP packet from input interface (FastEthernet0/3)
Nov 26 16:08:09.391 ACDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER
Nov 26 16:08:09.391 ACDT: DHCP_SNOOPING: binary dump of option 82, length: 20 data:
0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x67 0x0 0x8 0x2 0x8 0x0 0x6 0x0 0x16 0x9D 0x5 0xB9 0x80
Nov 26 16:08:09.391 ACDT: DHCP_SNOOPING: binary dump of extracted circuit id, length: 8 data:
0x1 0x6 0x0 0x4 0x0 0x67 0x0 0x8
Nov 26 16:08:09.395 ACDT: DHCP_SNOOPING: binary dump of extracted remote id, length: 10 data:
0x2 0x8 0x0 0x6 0x0 0x16 0x9D 0x5 0xB9 0x80
Nov 26 16:08:09.395 ACDT: DHCP_SNOOPING_SW: opt82 data indicates not a local packet
Nov 26 16:08:09.395 ACDT: DHCP_SNOOPING: can't parse option 82 data of the message,it is either in wrong format or not inserted by local switch
Nov 26 16:08:09.395 ACDT: DHCP_SNOOPING_SW: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff
Nov 26 16:08:09.399 ACDT: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat entry for mac: 0060.6419.d8c5
Nov 26 16:08:09.399 ACDT: DHCP_SNOOPING: can't find output interface for dhcp reply. the message is dropped.
Mikrotik:
16:08:06 dhcp,debug,packet dhcp1 received discover with id 3267477726 from 0.0.0.0
16:08:06 dhcp,debug,packet flags = broadcast
16:08:06 dhcp,debug,packet ciaddr = 0.0.0.0
16:08:06 dhcp,debug,packet chaddr = 00:60:64:19:D8:C5
16:08:06 dhcp,debug,packet Msg-Type = discover
16:08:06 dhcp,debug,packet Unknown(57) = 04-00
16:08:06 dhcp,debug,packet Parameter-List = Subnet-Mask,Router,Vendor-Specific,NETBIOS-Name-Server,Unknown(46),Unknown(47),Domain-Server
16:08:06 dhcp,debug,packet Host-Name = "NatRouter"
16:08:06 dhcp,debug,packet Class-Id = 4D-53-46-54-20-39-38-00-73
16:08:06 dhcp,debug,packet Client-Id = 01-00-60-64-19-D8-C5
16:08:06 dhcp,debug,packet Relay-Agent-Info = 01-06-00-04-00-67-00-08-02-08-00-06-00-16-9D-05-B9-80
16:08:06 radius,debug new request 17:c27 code=Access-Request service=dhcp called-id=dhcp1
16:08:06 radius,debug sending 17:c27 to x.x.x.x:1812
16:08:06 radius,debug,packet sending Access-Request with id 255 to x.x.x.x:1812
16:08:06 radius,debug,packet Signature = 0x55a3c4a8547530053ce1d1807fb3275a
16:08:06 radius,debug,packet NAS-Port-Type = 15
16:08:06 radius,debug,packet NAS-Port = 2202012598
16:08:06 radius,debug,packet Calling-Station-Id = "1:0:60:64:19:d8:c5"
16:08:06 radius,debug,packet Called-Station-Id = "dhcp1"
16:08:06 radius,debug,packet User-Name = "00:60:64:19:D8:C5"
16:08:06 radius,debug,packet User-Password = 0x
16:08:06 radius,debug,packet Unknown-Attribute(vendor=Redback, type=96) = 0x000600169d05b980
16:08:06 radius,debug,packet Unknown-Attribute(vendor=Redback, type=97) = 0x000400670008
16:08:06 radius,debug,packet NAS-Identifier = "NAS"
16:08:06 radius,debug,packet NAS-IP-Address = y.y.y.y.137
16:08:06 radius,debug,packet received Access-Accept with id 255 from x.x.x.x:1812
16:08:06 radius,debug,packet Signature = 0xf734f8169f069e7950349dd683da2492
16:08:06 radius,debug,packet Framed-IP-Address = 255.255.255.254
16:08:06 radius,debug received reply for 17:c27
16:08:06 dhcp,debug,packet dhcp1 sending offer with id 3267477726 to 255.255.255.255
16:08:06 dhcp,debug,packet flags = broadcast
16:08:06 dhcp,debug,packet ciaddr = 0.0.0.0
16:08:06 dhcp,debug,packet yiaddr = z.z.z.138
16:08:06 dhcp,debug,packet siaddr = z.z.z.129
16:08:06 dhcp,debug,packet chaddr = 00:60:64:19:D8:C5
16:08:06 dhcp,debug,packet Msg-Type = offer
16:08:06 dhcp,debug,packet Server-Id = z.z.z.129
16:08:06 dhcp,debug,packet Address-Time = 1800
16:08:06 dhcp,debug,packet Subnet-Mask = 255.255.255.224
16:08:06 dhcp,debug,packet Router = z.z.z.129
16:08:06 dhcp,debug,packet Domain-Server = ip,ip
16:08:06 dhcp,debug,packet Relay-Agent-Info = 01-06-00-04-00-67-00-08-02-08-00-06-00-16-9D-05-B9-80
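
Added example, not part of the original post: a small decoder for the option 82 dumps quoted in the two logs above, which parses both dump styles and compares the sub-options byte for byte. The circuit-id layout (type, length, 2-byte VLAN, module, port) and the remote-id layout (type, length, 6-byte MAC) are assumptions based on the "vlan-mod-port" wording in the switch log; the function names are made up for this example.

```python
# Added example, not from the original post: decode the option 82 dumps
# quoted in the logs and check that they carry the same sub-options.
# Assumed circuit-id layout ("vlan-mod-port"): type, len, vlan(2), module, port.
# Assumed remote-id layout: type, len, 6-byte MAC.
import struct

CISCO_OFFER = ("0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x67 0x0 0x8 "
               "0x2 0x8 0x0 0x6 0x0 0x16 0x9D 0x5 0xB9 0x80")  # switch log
MIKROTIK_OFFER = "01-06-00-04-00-67-00-08-02-08-00-06-00-16-9D-05-B9-80"  # MT log

def to_bytes(dump):
    """Accept both dump styles: '0x52 0x12 0x1' and '01-06-00'."""
    return bytes(int(tok, 16) for tok in dump.replace("-", " ").split())

def sub_options(raw):
    """Return {sub-option code: value}; drops the 0x52/length header if present."""
    if len(raw) >= 2 and raw[0] == 0x52 and raw[1] == len(raw) - 2:
        raw = raw[2:]
    found, pos = {}, 0
    while pos < len(raw):
        if pos + 2 > len(raw) or pos + 2 + raw[pos + 1] > len(raw):
            raise ValueError(f"truncated sub-option at offset {pos}")
        code, length = raw[pos], raw[pos + 1]
        found[code] = raw[pos + 2:pos + 2 + length]
        pos += 2 + length
    return found

def decode(dump):
    """Decode circuit-id and remote-id under the assumed layouts."""
    subs = sub_options(to_bytes(dump))
    circuit, remote = subs.get(1), subs.get(2)
    if circuit is None or remote is None:
        raise ValueError("circuit-id (1) or remote-id (2) sub-option missing")
    if len(circuit) != 6 or circuit[:2] != b"\x00\x04":
        raise ValueError("circuit-id is not in the assumed vlan-mod-port layout")
    if len(remote) != 8 or remote[:2] != b"\x00\x06":
        raise ValueError("remote-id is not the assumed type 0 / 6-byte MAC layout")
    vlan, module, port = struct.unpack("!HBB", circuit[2:])
    return {"vlan": vlan, "module": module, "port": port,
            "remote_mac": remote[2:].hex(":")}

def same_relay_info(a, b):
    """True when two dumps carry byte-identical sub-options."""
    return sub_options(to_bytes(a)) == sub_options(to_bytes(b))

if __name__ == "__main__":
    print(decode(CISCO_OFFER))
    print(same_relay_info(CISCO_OFFER, MIKROTIK_OFFER))
```

Both dumps decode to VLAN 103, module 0, port field 8 and remote-id 00:16:9d:05:b9:80, and the comparison reports them as byte-identical.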