Solved

DHCP Snooping and ASA

Posted on 2011-02-24
10
1,242 Views
Last Modified: 2012-05-11
Hello. We are implementing DHCP Snooping, and everything works fine except for the vlan thar are behind a Firewall. Disabling DHCP Snooping, all host on differents VLAN receive IP from DHCP Server, but with this feature enabled VLAN behind the firewall does not recieve IP from DHCP Server

Another question will be (according to the graph) wich ports must be set as "Trusted"? The por 1 in SW1 in wich the DHCP Server is connected for sure, but in SW2 for example, should be the Trunk Port1 trusted too?

SW: Catalyst 3750 (12.2(35)SE5)
FW: ASA 5520 8.0(4)

Thanks in advance and best regards

 DHCP Smooping
0
Comment
Question by:gan_nazer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
10 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34976786
Hi,

YOu need to enable all vlan DHCP snnoping, and you need to enable on all DHCP servers_
so:

PORT1
PORT3
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34976815
And you need to add heper address on the firewall VLAN2 interface to DHCP server!
0
 

Author Comment

by:gan_nazer
ID: 34978959
Thanks ikalmar, I'll try "trusting" in Port3 that was the only that we didn't. What about SW2 Port1, should be trusted to for assign IPs to host in that switch?
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34979786
yep on SW1 you need to config to trusted port!
0
 

Author Comment

by:gan_nazer
ID: 34981212
It doesn't work behind the firewall, even for vlan 1 when i change the SW1 port 1 (DHCP Server) as untrusted, the host does not recieve IP (I think that is ok), but VLAN 2 (behind firewall) still receiving IP, that does not make sense for me...
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 34982583
you need to configure trusted for:
sw1: Port1
sw2: Port1,Port3

Did you configured helper address n the firewall?

0
 

Author Comment

by:gan_nazer
ID: 35001130
We will focused just in SW1 for the moment, I configured DHCP Relay in FW intrface connected to VLAN2 with the IP of DHCP Server, it works without DHCP Snooping feature enabled
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 500 total points
ID: 35001240
you need to enable DHCP snooping for VLAN1 and VLAN2, and you need to give trusted port the Port1, if it isn't working you need to add Port3
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35275240
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question