[c-nsp] dai / dhcp snooping bug

Gert Doering gert at greenie.muc.de
Mon Aug 10 15:37:31 EDT 2015


On Mon, Aug 10, 2015 at 06:31:16AM -0700, Mike wrote:
> I've loaded SE7 and - suprise -  same problem, so it's not fixed. I have 
> a directly connected device I can cause to refresh it's dhcp lease, and 
> sure enough, a refresh doesn't do it, but a reboot of that device which 
> casues a new round of dhcp discovery, does in fact work. A packet 
> capture seems to confirm the unicast case failing - a client with an 
> existing lease renewing will use unicast to the dhcp server, whereas a 
> client starting up will use broadcast to find servers, and both the 
> 'discover' and 'request' phases in that case are broadcast destination. 
> That was painful.

Wild idea... put an ACL into place that will block the unicast renewal?

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150810/c94df8c9/attachment.sig>

More information about the cisco-nsp mailing list