On an S series switch enabled with DHCP snooping, the reason why the user cannot obtain the IP address after changing the terminal's location


On an S series switch enabled with DHCP snooping, a binding table is generated on the switch after a user obtains an IP address. If the user is switched to another interface of the device without releasing the IP address, the user cannot obtain the IP address or access the network.
The corresponding binding table has been generated. The user attempts to apply for the same IP address with the same MAC address on a different interface. In this case, the switch does not know whether the user has switched to another interface or an unauthorized user attempts to access the network; therefore, the switch does not modify the binding table. As a result, the user fails to obtain the IP address and access the network. To solve this problem, you can delete the binding table from the switch.
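The behaviour described above can be traced with a simplified model of the binding table. This is an added example, not Huawei code or the switch's actual implementation; the class, method names, port labels, MAC and IP values are constructed for illustration.

```python
# Simplified model of a DHCP snooping binding table (illustrative only;
# not the switch's real implementation). All names and values are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Binding:
    ip: str
    vlan: int
    port: str

@dataclass
class SnoopingSwitch:
    trusted_ports: set = field(default_factory=set)
    bindings: dict = field(default_factory=dict)   # MAC -> Binding

    def client_request(self, mac, port):
        """DHCP Discover/Request arriving on a client-facing port."""
        entry = self.bindings.get(mac)
        if entry and entry.port != port:
            # Same MAC already bound on another port: the switch cannot tell a
            # moved user from an unauthorized one, so the entry is kept as is.
            return "drop: binding exists on " + entry.port
        if not self.trusted_ports:
            return "drop: no trusted port to forward to"
        return "forward"

    def server_reply(self, in_port, mac, ip, vlan, client_port):
        """DHCP reply from the server side; accepted only on trusted ports."""
        if in_port not in self.trusted_ports:
            return "drop: reply on untrusted port"
        self.bindings[mac] = Binding(ip, vlan, client_port)
        return "forward"

    def delete_binding(self, mac):
        """Administrator deletes the stale entry (the fix described above)."""
        return self.bindings.pop(mac, None) is not None

def moved_client_scenario():
    sw = SnoopingSwitch(trusted_ports={"GE0/0/24"})
    mac = "00e0-fc12-3456"                      # constructed sample MAC
    steps = [sw.client_request(mac, "GE0/0/1"),
             sw.server_reply("GE0/0/24", mac, "192.0.2.10", 10, "GE0/0/1"),
             sw.client_request(mac, "GE0/0/2")]  # user moved without releasing
    sw.delete_binding(mac)                       # stale entry removed
    steps.append(sw.client_request(mac, "GE0/0/2"))
    steps.append(sw.server_reply("GE0/0/24", mac, "192.0.2.10", 10, "GE0/0/2"))
    return steps, sw.bindings[mac].port
```

The third step is dropped because the entry still points at the old port; after the entry is deleted, the same request is forwarded and a new binding is recorded on the new port.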

Other related questions:
Reasons why users cannot obtain IP addresses after DHCP Snooping is configured on S series switch
After DHCP snooping is enabled, all interfaces on S series switches are untrusted by default. DHCP Discover packets, however, must be forwarded from a trusted interface on the switch. Therefore, you must configure the interface connected to the DHCP server as a trusted interface to ensure that users connected to the switch can obtain IP addresses.

Why cannot users obtain IP addresses after DHCP snooping is configured
After DHCP snooping is enabled, all the interfaces on the device are untrusted interfaces by default. In this case, you need to use the dhcp snooping trusted command to set the interfaces connected to the DHCP server to trusted. Otherwise, the DHCP Reply messages sent from the DHCP server are discarded and users connected to the device cannot obtain IP addresses from the DHCP server.

Why the clients on a DHCP snooping network cannot obtain IP addresses after they move
On a network using DHCP snooping-enabled S series switches, a binding table is generated on the switch after a user obtains an IP address. If the user is switched to another port of the switch without releasing the IP address, the user may fail to obtain this IP address and access the network. If a user attempts to apply for the same IP address with the same MAC address on a different port after the corresponding binding table has been generated, the switch cannot distinguish whether the user has switched to another port or an unauthorized user attempts to access the network. As a result, the switch does not modify the binding table, resulting in the user's failure to obtain the IP address. To solve this problem, you can delete the binding table from the switch.

Clients cannot obtain IP addresses through DHCP after the DHCP relay agent is upgraded
This problem may occur on a fixed switch in the following scenario:
- The switch was upgraded from V100R002/V100R003 to V100R005/V100R006.
- The switch functions as a DHCP relay agent and is configured with the dhcp relay information enable command.
- An authentication mechanism is enabled before the DHCP server allocates an IP address to a client. The authentication server authenticates the client based on the option 82 field.

After the dhcp relay information enable command is configured on the switch, the interface name that the switch encapsulates in the DHCP option 82 field varies according to the system software version:
- For V100R003 and earlier versions, a VLANIF interface name is encapsulated.
- For V100R005 and later versions, a physical interface name is encapsulated.

As different interface names may be encapsulated in the option 82 field before and after the upgrade, the authentication server may fail to authenticate the user based on the option 82 field. If this problem occurs, modify the user authentication configuration on the authentication server after the upgrade. To be specific, change the content of the option 82 field on the authentication server to the physical interface name, or change the user authentication policy by disabling DHCP option 82 field-based authentication.

Reasons why all IP and ARP packets are still discarded when DHCP snooping is not enabled on S series switch
The function of checking IP and ARP packets is enabled on an interface. If this function is enabled, the IP and ARP packets cannot match entries in the binding table and are therefore discarded.
