现场反馈,设备运行过程中突然无法通过DHCP获取地址
5130---6520---7560
DHCP服务器配置在7560上,5130下接终端和AP,中间6520二层透传。
通过DHCP方式的流统,发现报文是丢在了5130上联6520的聚合口上,即从终端或AP收到的DHCP请求报文没有从5130的上联口发出去。
[2#-2F-OFFICE-POE-SW-a.a.a.a]dis qos policy interface inbound
Interface: GigabitEthernet1/0/19
Direction: Inbound
Policy: dhcp-c
Classifier: dhcp-c
Operator: AND
Rule(s) :
If-match acl 3010
If-match source-mac xxxx-xxxx-xxxx //测试终端mac
Behavior: dhcp-c
Accounting enable:
18 (Packets)
Interface: Ten-GigabitEthernet1/0/27
Direction: Inbound
Policy: dhcp-s
Classifier: dhcp-s
Operator: AND
Rule(s) :
If-match acl 3011
If-match source-mac yyyy-yyyy-yyyy
If-match destination-mac xxxx-xxxx-xxxx
Behavior: dhcp-s
Accounting enable:
0 (Packets)
Interface: Ten-GigabitEthernet1/0/28
Direction: Inbound
Policy: dhcp-s
Classifier: dhcp-s
Operator: AND
Rule(s) :
If-match acl 3011
If-match source-mac yyyy-yyyy-yyyy
If-match destination-mac xxxx-xxxx-xxxx
Behavior: dhcp-s
Accounting enable:
0 (Packets)
[2#-2F-OFFICE-POE-SW-a.a.a.a]dis qos policy interface out
[2#-2F-OFFICE-POE-SW-a.a.a.a]dis qos policy interface outbound
Interface: GigabitEthernet1/0/19
Direction: Outbound
Policy: dhcp-s
Classifier: dhcp-s
Operator: AND
Rule(s) :
If-match acl 3011
If-match source-mac yyyy-yyyy-yyyy
If-match destination-mac xxxx-xxxx-xxxx
Behavior: dhcp-s
Accounting enable:
0 (Packets)
Interface: Ten-GigabitEthernet1/0/27
Direction: Outbound
Policy: dhcp-c
Classifier: dhcp-c
Operator: AND
Rule(s) :
If-match acl 3010
If-match source-mac xxxx-xxxx-xxxx
Behavior: dhcp-c
Accounting enable:
0 (Packets)
Interface: Ten-GigabitEthernet1/0/28
Direction: Outbound
Policy: dhcp-c
Classifier: dhcp-c
Operator: AND
Rule(s) :
If-match acl 3010
If-match source-mac xxxx-xxxx-xxxx
Behavior: dhcp-c
Accounting enable:
0 (Packets)
在5130配置业务接口同样无法自动获取地址,手工配置地址可以和DHCP网关互通。
设备全局使能了dhcp snooping enable,上行朝向dhcp server的接口bagg1下没有配置为信任端口,因此转发不出去dhcp请求报文;另外,开启了dhcp snooping功能后,dhcp报文会上cpu处理,因此出方向统计不到;
至于为什么之前获取地址正常,后续又不能获取了;
沟通得知,bagg1聚合口是最近才加上去的,终端之前拿地址应该是在只用单根线的时候拿到的,等到地址最后老化超时了,再申请、设备bagg1有没有配置为信任端口,也就拿不到了;
将bagg1上配置为信任端口,问题已经解决;
将bagg1上配置为信任端口,问题已经解决;
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作