Hello,
I have the following DHCP snooping configuration on my Aruba 2930F 8-port switch:
2930F-SW01# show dhcp-snooping
DHCP Snooping Information
DHCP Snooping : Yes
Enabled VLANs : 1 12 14-16 18-19 71 75 80
Verify MAC address : Yes
Option 82 untrusted policy : drop
Option 82 insertion : Yes
Option 82 remote-id : mac
Store lease database : Not configured
Authorized Servers
------------------
192.168.18.1
Max Current Bindings
Port Trust Bindings Static Dynamic
----- ----- -------- ----------------
2 Yes - - -
3 No - 1 -
Ports 1,4-10 are untrusted
and the static bindings:
2930F-SW01# show dhcp-snooping binding
MacAddress IP VLAN Interface Time Left
----------------- --------------- ---- --------- ---------
b827eb-26bb60 192.168.18.2 18 3 static
b827eb-b94579 192.168.18.1 18 2 static
One Raspberry Pi running the DHCP server is patched into interface 2, and another one, running the DNS server (Pi-Hole), is patched into interface 3.
With this configuration, a Linux PC (arch-laptop) patched into interface 1 cannot get a dynamically assigned IP address from the DHCP server. Below is an excerpt of the "isc-dhcp-server status" command:
Mar 29 14:36:22 dhcp-server dhcpd[1150]: DHCPDISCOVER from 00:50:b6:45:d4:4a (arch-laptop) via eth0.14
Mar 29 14:36:22 dhcp-server dhcpd[1150]: DHCPOFFER on 192.168.14.4 to 00:50:b6:45:d4:4a (arch-laptop) via eth0.14
So, the laptop is offered an IP which it doesn't want to acknowledge.
Now, just a bit of background: the DHCP server has scopes configured for VLANs 14-16, 71, and 75 (only these VLANs accommodate DHCP clients). The arch-laptop client is patched into interface 1 which is untagged for VLAN 14.
If I completely disable DHCP snooping on the switch, or if I disable it only for VLAN 14, the laptop happily gets, and keeps the IP from the server.
To be honest, I am not really sure why the DHcP snooping has to be configured on each VLAN intended to be protected. Could anyone tell me where I am wrong? There is no question that I AM wrong... (sorry if this has been discussed before).
Cheerio!