Having some weird issues on a WS-C3850-24XU with DHCP snooping. It is running IOS-XE 03.07.04E.
According to the "debug ip dhcp snooping packet" output,

Sep 26 16:34:44.713 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Te1/0/22, MAC da: ffff.ffff.ffff, MAC sa: 002a.1034.84d2, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 002a.1034.84d2
Sep 26 16:34:44.713 PDT: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 002a.1034.84d2
Sep 26 16:34:44.713 PDT: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (146)
Sep 26 16:34:44.763 PDT: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel15)
Sep 26 16:34:44.774 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po15, MAC da: 002a.1034.84d2, MAC sa: 547f.eed3.06c1, IP da: 172.26.94.230, IP sa: 172.26.92.3, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.26.94.230, DHCP siaddr: 172.31.145.108, DHCP giaddr: 172.26.92.3, DHCP chaddr: 002a.1034.84d2
Sep 26 16:34:44.774 PDT: DHCP_SNOOPING: message type : DHCPOFFER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 172.26.94.230, DHCP siaddr: 172.31.145.108, DHCP giaddr: 172.26.92.3, DHCP chaddr: 002a.1034.84d2
Sep 26 16:34:44.774 PDT: DHCP_SNOOPING: direct forward dhcp replyto output port: TenGigabitEthernet1/0/22.

Everything looks correct. However, the device on Te1/0/22 just keeps sending DHCPDISCOVERs like it never gets the DHCPOFFER. And all 20 or so devices on the switch have the same issue. I fired up a SPAN to a PC with Wireshark and watched a port. It sees the DHCPDISCOVER go out, but never sees the DHCPOFFER either.
The setup is pretty bland,

switch-mgig#sh run | i dhcp
no service dhcp
ip dhcp snooping vlan 100-4094
no ip dhcp snooping information option
ip dhcp snooping
 ip dhcp snooping trust
 ip dhcp snooping trust
 ip dhcp snooping trust

(The trusted interfaces are the port-channel uplink and the two physical links it contains.)

The DHCPOFFER is getting back to this switch and it says it is delivering it, so I don't think it could be an issue with some other device between the endpoint and DHCP server messing it up. It looks like the switch is lying and eating the DHCPOFFER.

We have pretty much the same configuration on some WS-C3850-48P running 03.06.03E. Works fine. Something with MGig ports or the IOS-XE? Or am I missing something?

One other little tidbit that may be related. The CLI is hesitant on this system. Went looking for a CPU hog and found this,

switch-mgig# sh proc cpu detail process iosd sort | ex 0.0
Core 0: CPU utilization for five seconds: 50%; one minute: 59%; five minutes: 65%
Core 1: CPU utilization for five seconds: 38%; one minute: 36%; five minutes: 40%
Core 2: CPU utilization for five seconds: 13%; one minute: 28%; five minutes: 35%
Core 3: CPU utilization for five seconds: 12%; one minute: 27%; five minutes: 29%
Core 4: CPU utilization for five seconds: 94%; one minute: 68%; five minutes: 44%
Core 5: CPU utilization for five seconds: 23%; one minute: 28%; five minutes: 32%
PID    T C  TID    Runtime(ms) Invoked  uSecs  5Sec   1Min   5Min   TTY  Process
                                               (%)    (%)    (%)
9168   L           2416230     3197929  755    16.94  17.08  17.53  0    iosd
9168   L 1  9168   920270      2777222  0      9.37   9.18   9.54   0    iosd
9168   L 0  10133  1491480     375100   0      7.54   7.88   7.98   0    iosd.fastpath
280    I           1513410     1585246  0      53.88  51.99  53.77  0    NGWC DHCP Snooping
233    I           12900       24355    0      0.66   0.44   0.44   0    Spanning Tree
19     I           3900        22511    0      0.33   0.11   0.11   0    CMI IOSd task
322    I           4660        45924    0      0.33   0.11   0.11   0    MMA DB TIMER
189    I           3470        45925    0      0.22   0.11   0.11   0    VRRS Main thread

--
Crist J. Clark
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
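
Added example, not part of the original post: a small Python triage script for "debug ip dhcp snooping packet" output in the format quoted above, which lists clients that keep sending DHCPDISCOVER even though the switch logged a forwarded reply for them and no DHCPREQUEST followed. The sample log is constructed (documentation MAC addresses, shortened field list), and the function names and the two-DISCOVER threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the debug format shown in the post (fields shortened, MACs are made up).
SAMPLE = """\
Sep 26 16:34:44.713 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Te1/0/22, DHCP chaddr: 0000.5e00.5301
Sep 26 16:34:44.774 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po15, DHCP chaddr: 0000.5e00.5301
Sep 26 16:34:44.774 PDT: DHCP_SNOOPING: direct forward dhcp replyto output port: TenGigabitEthernet1/0/22.
Sep 26 16:34:45.100 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Te1/0/23, DHCP chaddr: 0000.5e00.5302
Sep 26 16:34:45.160 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po15, DHCP chaddr: 0000.5e00.5302
Sep 26 16:34:45.160 PDT: DHCP_SNOOPING: direct forward dhcp replyto output port: TenGigabitEthernet1/0/23.
Sep 26 16:34:45.200 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPREQUEST, input interface: Te1/0/23, DHCP chaddr: 0000.5e00.5302
Sep 26 16:34:45.260 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Po15, DHCP chaddr: 0000.5e00.5302
Sep 26 16:34:45.260 PDT: DHCP_SNOOPING: direct forward dhcp replyto output port: TenGigabitEthernet1/0/23.
Sep 26 16:34:48.713 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Te1/0/22, DHCP chaddr: 0000.5e00.5301
Sep 26 16:34:48.774 PDT: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po15, DHCP chaddr: 0000.5e00.5301
Sep 26 16:34:48.774 PDT: DHCP_SNOOPING: direct forward dhcp replyto output port: TenGigabitEthernet1/0/22.
"""

PKT = re.compile(r"process new DHCP packet, message type: (DHCP\w+),.*?DHCP chaddr: ([0-9a-f.]+)", re.I)
FWD = re.compile(r"direct forward dhcp reply ?to output port", re.I)

def summarize(log):
    """Count message types and logged reply forwards per client hardware address."""
    stats = defaultdict(lambda: {"DHCPDISCOVER": 0, "DHCPOFFER": 0, "DHCPREQUEST": 0, "forwarded": 0})
    last_reply = None  # chaddr of the most recent server reply, awaiting its forward line
    for line in log.splitlines():
        m = PKT.search(line)
        if m:
            mtype, mac = m.group(1).upper(), m.group(2).lower()
            if mtype in stats[mac]:
                stats[mac][mtype] += 1
            last_reply = mac if mtype in ("DHCPOFFER", "DHCPACK") else None
        elif last_reply and FWD.search(line):
            stats[last_reply]["forwarded"] += 1
            last_reply = None
    return dict(stats)

def stuck_clients(log, min_discovers=2):
    """Clients that retry DISCOVER although a reply was logged as forwarded to them."""
    return sorted(mac for mac, s in summarize(log).items()
                  if s["DHCPDISCOVER"] >= min_discovers and s["forwarded"] and not s["DHCPREQUEST"])

if __name__ == "__main__":
    print(stuck_clients(SAMPLE))
```

The forward line only records what the snooping process decided, so a client flagged here still needs a capture on its port to show whether the reply actually left the switch.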