  • 1.  Problem with CX6000 and DHCP Snooping

    Posted Oct 10, 2024 08:54 AM
    Edited by Borgsquirrel Oct 10, 2024 08:54 AM

    Firmware: PL.10.14.0007

    In the older ProCurves we had, the config was like:

    dhcpv4-snooping
    dhcpv4-snooping option 82 untrusted-policy keep (to accommodate Meraki APs)
    no dhcpv4-snooping verify mac (to accommodate Meraki APs)

    And assign trusted ports and which interfaces or VLANs it should be enabled for. And it has worked fine for years.

    Same config for AOS10 and it appears to be mostly working for the AP-connected clients but not for wired connections. The working AP clients associated to the APs connected to the switch could of course have roamed there, can't really tell. But checking the sh dhcp4-snooping bindings and statistics, there are bindings in the table and there are no traces of any dropped traffic. However, clients do not get any IP address unless I disable snooping.

    Adding dhcpv4-snooping event-log client does not reveal any troubles really either. What am I missing here?



  • 2.  RE: Problem with CX6000 and DHCP Snooping

    Posted Oct 11, 2024 06:25 AM

    Hi.

    The 10.14 command should be 'dhcp-snooping'. This will enable dhcp-snooping.

    I usually put in "authorized-server" as well.

    You can see all the options here:

    https://www.arubanetworks.com/techdocs/AOS-CX/10.14/HTML/ip_services_4100i-6000-6100/Content/Chp_DHCP_snoop/Dv4Snoop_cmds/dhc-sno-840-10-cpe.htm




  • 3.  RE: Problem with CX6000 and DHCP Snooping

    Posted Oct 21, 2024 03:22 AM

    Interesting, I first tried dhcp-snooping when setting up but the command was rejected, so I looked for what the new command was and found dhcpv4-snooping, so that's what I went with. When looking once more now, there is both dhcp-snooping and dhcpv4-snooping, with v4 being marked as deprecated. However, dhcp snooping was enabled, since disabling it resolved the immediate problem I had and statistics were showing its actions. I can try re-enabling it with the current command, but I doubt that the underlying code is any different and the problem will likely return.