Why the clients on a DHCP snooping network cannot obtain IP addresses after they move


On a network using DHCP snooping-enabled S series switches, a binding table is generated on the switch after a user obtains an IP address. If the user is switched to another port of the switch without releasing the IP address, the user may fail to obtain this IP address and access the network.
If a user attempts to apply for the same IP address with the same MAC address on a different port after the corresponding binding table has been generated, the switch cannot distinguish whether the user has switched to another port or an unauthorized user attempts to access the network. As a result, the switch does not modify the binding table, resulting in the user's failure to obtain the IP address. To solve this problem, you can delete the binding table from the switch.

Other related questions:
Why cannot users obtain IP addresses after DHCP snooping is configured
After DHCP snooping is enabled, all the interfaces on the device are untrusted interfaces by default. In this case, you need to use dhcp snooping trusted command to set the status of the interfaces connected to the DHCP server to trusted. Otherwise, the DHCP Reply messages sent from the DHCP server are discarded and users connected to the device cannot obtain IP addresses from the DHCP server.

Reasons why users cannot obtain IP addresses after DHCP Snooping is configured on S series switch
After DHCP snooping is enabled, all interfaces on S series switches are untrusted by default. DHCP Discover packets, however, must be forwarded from a trusted interface on the switch. Therefore, you must configure the interface connected to the DHCP server as a trusted interface to ensure that users connected to the switch can obtain IP addresses.

DHCP client cannot obtain a correct IP address
The request packets (DHCP discover) are broadcast by the DHCP clients. If multiple DHCP servers are located on the same subnet (for example, bogus DHCP server), the clients may obtain IP addresses from a bogus DHCP server. To address this problem, configure DHCP snooping. Then clients can receive DHCP packets from only the trusted DHCP server. Perform the following configuration: [Huawei] dhcp enable [Huawei] dhcp snooping enable [Huawei] interface gigabitethernet 1/0/1 //Enter the view of the interface connected to the DHCP client. [Huawei-GigabitEthernet1/0/1] dhcp snooping enable [Huawei-GigabitEthernet1/0/1] quit [Huawei] interface gigabitethernet 1/0/2 [Huawei-GigabitEthernet1/0/2] dhcp snooping trusted //Configure the interface of the DHCP server as the trusted interface. [Huawei-GigabitEthernet1/0/2] quit Note: - When you configure DHCP snooping on a Layer 2 access device, steps 1, 2, and 3 are mandatory and must be performed in the following sequence. - When you configure DHCP snooping on a DHCP relay agent, only steps 1 and 2 are required.

Clients cannot obtain IP addresses through DHCP after the DHCP relay agent is upgraded
This problem may occur on a fixed switch in the following scenario: - The switch was upgraded from V100R002/V100R003 to V100R005/V100R006. - The switch functions as a DHCP relay agent and is configured with the dhcp relay information enable command. - An authentication mechanism is enabled before the DHCP server allocates an IP address to a client. The authentication server authenticates the client based on the option 82 field. After the dhcp relay information enable command is configured on the switch, the interface name that the switch encapsulates in the DHCP option 82 field varies according to the system software version: - For V100R003 and earlier versions, a VLANIF interface name is encapsulated. - For V100R005 and later versions, a physical interface name is encapsulated. As different interface names may be encapsulated in the option 82 field before and after the upgrade, the authentication server may fail to authenticate the user based on the option 82 field. If this problem occurs, modify the user authentication configuration on the authentication server after the upgrade. To be specific, change the content of the option 82 field on the authentication server to the physical interface name, or change the user authentication policy by disabling DHCP option 82 field-based authentication.

DHCP clients cannot obtain IP addresses. How do I solve this problem
Ensure that the DHCP configuration is correct, and reduce the IP address lease. If a long IP address lease is set, after all addresses in the address pool are allocated, addresses that are not required cannot be released immediately. As a result, other DHCP clients cannot obtain IP addresses.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top