On Wednesday, October 30, 2013 03:56:22 PM Yehuda Katz wrote:

> I know some Cisco switches have the option to block DHCP
> replies on ports not marked as trusted (DHCP Snooping).
> I have never seen one where I had access to the
> configuration and the setting was on, so I am not sure
> what to expect, but it might explain why you don't see
> the reply in a mirror.

Enabling DHCP Snooping on a Cisco switch is very simple:
# conf t
# ip dhcp snooping vlan Y-Z
#!
# ip dhcp snooping
#!
# interface GigabitEthernet0/40
# ip dhcp snooping trust
#!
A violation would be logged like so:
%DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING
drop message because the chaddr doesn't match source mac,
message type: DHCPDISCOVER, chaddr: <mac.ad.d.re.ss>, MAC
sa: <mac.ad.dre.ss>
If this helps...
Cheers,
Mark.
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
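
The comparison behind the DHCP_SNOOPING_MATCH_MAC_FAIL message quoted above, sketched as an added example; it is not part of the original mail and not Cisco's implementation. It assumes untagged Ethernet II frames carrying IPv4, skips checksum validation, and uses hypothetical function names and constructed sample frames.

```python
import struct

def mac_str(b: bytes) -> str:
    """Format 6 bytes in Cisco dotted notation (xxxx.xxxx.xxxx)."""
    h = b.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def check_chaddr(frame: bytes):
    """Return (match, chaddr, source_mac) for a DHCP client message,
    or None when the frame is not untagged Ethernet/IPv4/UDP 68->67."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    src_mac, ip = frame[6:12], frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:  # IPv4 carrying UDP
        return None
    udp = ip[ihl:]
    if len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (68, 67):
        return None
    bootp = udp[8:]
    # BOOTP header: htype at offset 1, hlen at 2, chaddr at 28 (16 bytes)
    if len(bootp) < 44 or bootp[1] != 1 or bootp[2] != 6:
        return None
    chaddr = bootp[28:34]
    return chaddr == src_mac, mac_str(chaddr), mac_str(src_mac)

def build_discover(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample input: a minimal DHCPDISCOVER frame, checksums zero."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x12345678, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr)
    bootp += bytes(192) + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip

if __name__ == "__main__":
    nic = bytes.fromhex("02005e000001")      # constructed, locally administered
    other = bytes.fromhex("02005e0000ff")    # constructed
    for chaddr in (nic, other):
        ok, ch, sa = check_chaddr(build_discover(nic, chaddr))
        verdict = "forward" if ok else "drop"
        print(f"{verdict}: chaddr: {ch}, MAC sa: {sa}")
```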
