< Home

All Users Cannot Obtain IP Address after DHCP Snooping Is Enabled

Fault Description

The possible causes are as follows:
  • The interface connected to the DHCP server is not configured as the trusted interface.
  • After DHCP snooping is enabled globally, DHCP snooping is not enabled on the interface connecting to users or in the VLAN to which the interface belongs.

Procedure

  1. Check whether the interface connected to the DHCP server is in a correct state.
    1. Run the display dhcp snooping configuration and display dhcp snooping [ interface interface-type interface-number | vlan vlan-id ] commands to check in which VLANs and on which interfaces DHCP snooping is enabled and whether "Trusted interface: Yes" is displayed for the interface connected to the DHCP server.

      By default, an interface is in the untrusted state. When receiving messages from the network-side interfaces, the device processes only the DHCP reply messages received on the trusted interface and discards those on untrusted interfaces. When receiving messages from user-side interfaces, the device forwards the messages only to the trusted interface.

    2. Check whether the interface connected to the DHCP server is a trusted interface. If it is not a trusted interface, run the dhcp snooping trusted command in the VLAN or interface view to configure the interface as a trusted interface.

      When DHCP snooping is enabled on a DHCP relay agent, a trusted interface does not need to be configured on the DHCP relay agent. After receiving DHCP Request messages from users, the DHCP relay agent converts the source/destination IP addresses and MAC addresses, and forwards the messages to the valid DHCP server in unicast mode. Therefore, the DHCP ACK messages received by the DHCP relay agent are valid, and the DHCP snooping binding entries generated by the DHCP relay agent are correct.

  2. If the interface status is correct, check whether DHCP snooping is enabled on the interface connected to users or the VLAN to which the interface belongs.
    1. Run the display dhcp snooping configuration and display dhcp snooping [ interface interface-type interface-number | vlan vlan-id ] commands to check whether DHCP snooping is enabled on the interface connected to users or the VLAN to which the interface belongs.
    2. DHCP snooping should be enabled on the interface connected to users or VLAN to which the interface belongs. If it is not enabled, run the dhcp snooping enable command in the VLAN or interface view to enable it.
Parent Topic: Troubleshooting DHCP Snooping
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic