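I recently troubleshot a network whose switch had DHCP snooping enabled, where clients could not obtain an IP address even though the router acting as the DHCP server was connected to a trusted port.
After some further packet analysis and debugging on the switch and the router, I found something odd:
On the switch: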
sw1#debug ip dhcp snooping packet
DHCP Snooping Packet debugging is on
sw1#
*Jan 9 10:17:29.337: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/0)
*Jan 9 10:17:29.340: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi0/0, MAC da: ffff.ffff.ffff, MAC sa: 0050.7966.6800, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0050.7966.6800
*Jan 9 10:17:29.340: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0050.7966.6800
*Jan 9 10:17:29.341: DHCP_SNOOPING: add relay information option.
*Jan 9 10:17:29.341: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
*Jan 9 10:17:29.342: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
*Jan 9 10:17:29.342: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
*Jan 9 10:17:29.343: 0x52
*Jan 9 10:17:29.343: 0x12
*Jan 9 10:17:29.344: 0x1
*Jan 9 10:17:29.344: 0x6
*Jan 9 10:17:29.345: 0x0
*Jan 9 10:17:29.345: 0x4
*Jan 9 10:17:29.346: 0x0
*Jan 9 10:17:29.346: 0x1
*Jan 9 10:17:29.347: 0x0
*Jan 9 10:17:29.347: 0x0
*Jan 9 10:17:29.347: 0x2
*Jan 9 10:17:29.348: 0x8
*Jan 9 10:17:29.348: 0x0
*Jan 9 10:17:29.349: 0x6
*Jan 9 10:17:29.349: 0xC
sw1#
*Jan 9 10:17:29.350: 0x27
*Jan 9 10:17:29.350: 0xBB
*Jan 9 10:17:29.351: 0x0
*Jan 9 10:17:29.351: 0x9F
*Jan 9 10:17:29.352: 0x0
*Jan 9 10:17:29.353: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (1)
*Jan 9 10:17:29.353: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet0/1, vlan 1.
On the router/DHCP server:
DHCP#debug ip dhcp server packet
DHCP server packet debugging is on.
DHCP#
*Jan 9 10:17:50.919: DHCPD: inconsistent relay information.
*Jan 9 10:17:50.921: DHCPD: relay information option exists, but giaddr is zero.
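After some more digging, I found this:
Note that by default Cisco IOS devices reject packets with a zero "giaddr", and by default Cisco Catalyst switches use a zero "giaddr" when configured for DHCP snooping! (source)
Now, I don't know much about the giaddr field, and I understand that the DHCP server should send the offer to the giaddr address rather than to the address it received the request from.
So my question is: when DHCP snooping is enabled, why do Cisco's switches make giaddr all zeros when sending the packet to the DHCP server?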
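Added example, not part of the original post: a short Python decoder for the 20-byte relay information option dumped by the switch debug above, together with a model of the consistency check that the DHCP server debug reports. The function names are hypothetical, the timestamps in the sample are constructed, and the circuit-ID (type 0, length 4, VLAN, module, port) and remote-ID (type 0, length 6, MAC) layouts are assumed from the "vlan-mod-port" and "MAC address format" lines in the log.

```python
import re
import struct

# Option bytes as the switch debug printed them; the timestamps below are constructed.
PRINTED = "0x52 0x12 0x1 0x6 0x0 0x4 0x0 0x1 0x0 0x0 0x2 0x8 0x0 0x6 0xC 0x27 0xBB 0x0 0x9F 0x0"
SAMPLE_LOG = "\n".join(f"*Jan 9 10:17:29.343: {b}" for b in PRINTED.split()) + "\nsw1#\n"

def dump_to_bytes(log):
    """Collect the one-byte-per-line values of a 'binary dump of relay info option'."""
    return bytes(int(m, 16) for m in re.findall(r":\s*0x([0-9A-Fa-f]{1,2})\s*$", log, re.M))

def parse_option82(opt):
    """Split a raw option 82 TLV into {sub-option code: value}, with bounds checks."""
    if len(opt) < 2 or opt[0] != 82:
        raise ValueError("not a relay agent information option")
    if opt[1] != len(opt) - 2:
        raise ValueError("option length byte does not match dump length")
    subs, i = {}, 2
    while i < len(opt):
        if i + 2 > len(opt) or i + 2 + opt[i + 1] > len(opt):
            raise ValueError("truncated sub-option")
        code, length = opt[i], opt[i + 1]
        subs[code] = opt[i + 2:i + 2 + length]
        i += 2 + length
    return subs

def decode_cisco(subs):
    """Decode circuit-id and remote-id using the layout assumed in the lead-in."""
    cid, rid = subs.get(1, b""), subs.get(2, b"")
    if cid[:2] != b"\x00\x04" or rid[:2] != b"\x00\x06":
        raise ValueError("unexpected circuit-id/remote-id type or length")
    vlan, module, port = struct.unpack("!HBB", cid[2:6])
    mac = rid[2:8].hex()
    return {"vlan": vlan, "module": module, "port": port,
            "remote_id": ".".join(mac[j:j + 4] for j in range(0, 12, 4))}

def server_verdict(giaddr, has_option82):
    """Model of the default server check reported in the DHCPD debug lines above."""
    if has_option82 and giaddr == "0.0.0.0":
        return "drop: relay information option exists, but giaddr is zero"
    return "accept"

if __name__ == "__main__":
    subs = parse_option82(dump_to_bytes(SAMPLE_LOG))
    print(decode_cisco(subs), server_verdict("0.0.0.0", bool(subs)))
```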