I have a network with a 3550 switch behind a PIX. The PIX is acting as the DHCP server on its inside interface. We had an incident with a rogue DHCP server on the LAN.
Turning on DHCP snooping on the switch causes the PIX to stop handing out leases. I'm new to DHCP snooping configs, this is probably something simple I've overlooked in the configuration, I've RTFM to no avail. Switch is Version 12.2(37)SE1, PIX is 7.2(2) Switch config: ! ip dhcp snooping vlan 1 ip dhcp snooping ! ! interface FastEthernet0/48 description PIX inside switchport mode access spanning-tree portfast ip dhcp snooping trust ! sw1#sh ip dhcp snoop Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 1 DHCP snooping is configured on the following Interfaces: Insertion of option 82 is enabled circuit-id format: vlan-mod-port remote-id format: MAC Option 82 on untrusted port is not allowed Verification of hwaddr field is enabled Interface Trusted Rate limit (pps) ------------------------ ------- ---------------- FastEthernet0/48 yes unlimited PIX config: dhcpd dns x.x.x.x y.y.y.y dhcpd domain foo.com ! dhcpd address 192.168.100.50-192.168.100.200 inside dhcpd dns y.y.y.y z.z.z.z interface inside dhcpd domain foo.com interface inside dhcpd enable inside PIX debug shows the following on receipt of a DHCP request: DHCPD: inconsistent relay information. DHCPD: relay information option exists, but giaddr is zero. DHCPD: Unable to load workspace. DHCPD: inconsistent relay information. DHCPD: relay information option exists, but giaddr is zero. DHCPD: Unable to load workspace. Turning off snooping on the switch brings it back operational. -- Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED] Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/