[c-nsp] unaccountable dhcp snooping error message

Sebastian Beutel sebastian.beutel at rus.uni-stuttgart.de
Thu Feb 2 09:39:21 EST 2017


Hi List,

   on a 6880x router running 15.2(1)SY3 we have configured ip helper on the
user facing vlan interfaces and ip dhcp snooping. There are no direct access
ports, only downlinks to access switching. The downlinks are untrusted but
have "ip dhcp snooping information option allow-untrusted" configured. It
all seems to work well (no user complaints until now) but we see several
lines per hour in our syslog like this:

%DHCP_SNOOPING-SW1-5-DEST_NOT_FOUND: DHCPACK: Could not find destination port. Destination MAC 000c.0000.0700

This happend with almost 100 different mac addresses in the last weeks, most
of them appear only once, some several hundred times. All that i looked up
belonged to valid OUIs beside one mac address of 0000.0000.0000...

However, neither any of our switches nor our central dhcp server has ever
seen all of these mac addresses that i tried finding in the logs. This makes
me wonder where the DHCPACK came from. Has anyone else ever observed such a
phenomenon? 

Best,
   Sebastian.


More information about the cisco-nsp mailing list