DHCP snooping log message

Guest

DHCP snooping log message

Post by Guest » Sun Jan 25, 2009 10:20 am

Hi all,

I have a Wi-Fi and an Ethernet card on my desktop and right now both connections are working, as shown below.

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\mahesh>ipconfig /all

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : pentium
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Unknown
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection 8:

            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI Fast Ethernet NIC
            Physical Address. . . . . . . . . : 00-40-F4-18-6D-8A
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.20.18
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.20.3
            DHCP Server . . . . . . . . . . . : 192.168.20.1
            DNS Servers . . . . . . . . . . . : 64.59.135.145
            Lease Obtained. . . . . . . . . . : January 4, 2011 5:58:32 PM
            Lease Expires . . . . . . . . . . : January 5, 2011 5:58:32 PM

    Ethernet adapter Wireless Network Connection:

            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : EDUP 802.11g Wireless MiniPCI Card
            Physical Address. . . . . . . . . : 00-15-E9-CF-19-0B
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.20.26
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.20.3
            DHCP Server . . . . . . . . . . . : 192.168.20.1
            DNS Servers . . . . . . . . . . . : 64.59.135.145
            Lease Obtained. . . . . . . . . . : January 5, 2011 3:54:45 AM
            Lease Expires . . . . . . . . . . : January 6, 2011 3:54:45 AM

    C:\Documents and Settings\mahesh>

I check the switch logs and see this message:

    DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL: DHCP_SNOOPING drop message because the chaddr doesn't match source mac, message type: DHCPREQUEST, chaddr: 0015.e9cf.190b, MAC sa: 0040.f418.6d8a.

Right now both connections are working. Can someone tell me what this message means? I have DHCP snooping enabled on the switch.

    3550SMIA# sh ip dhcp snooping  bin
    3550SMIA# sh ip dhcp snooping  binding
    MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
    ------------------  ---------------  ----------  -------------  ----  --------------------
    00:40:F4:18:6D:8A   192.168.20.18    43771       dhcp-snooping   20    FastEthernet0/15

    550SMIA# sh mac address-table address 0015.e9cf.190b
              Mac Address Table
    -------------------------------------------

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
      20    0015.e9cf.190b    DYNAMIC     Fa0/20
    Total Mac Addresses for this criterion: 1

Thanks,
mahesh

Guest

Re:DHCP snooping log message

Post by Guest » Sun Jan 25, 2009 10:57 am

Hello Mahesh,

You are obviously connected to the same network with two NICs - your wired Ethernet and the WiFi card. This kind of connection is usually not well supported by general operating systems, including both Windows and GNU/Linux. Windows especially likes to wreak havoc in these scenarios: as you can see, your Windows is sending DHCP messages through your wired Ethernet connection but it identifies itself in the message using the MAC address of your WiFi NIC!

I remember a discussion here on CSC a few months ago - we were trying to discover the reason for a strange and inexplicable flooding in a switched network. It was eventually found out that the client used a wired and a WiFi connection just like you are, and when Windows received an ARP request on one of these network cards, it responded with an ARP reply message sent from the other NIC, but the MAC address inside the ARP reply was that of the first NIC. Thus, other stations in the network mapped the IP to the first NIC's MAC address while the switches learned the second NIC's MAC, resulting in the first MAC eventually expiring from CAM tables.

The summary is that the message you are seeing is caused by your Windows sending DHCP messages through your interfaces without paying any attention to whether the message is sent through the proper interface. I am not sure if this can be corrected. In my experience, Windows was never able to communicate correctly over a network if a single station had multiple connections to the same network. Personally, I strongly discourage such practices.

Best regards,
Peter
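The check behind the log message in this thread, as an added example that is not part of any post: it parses a constructed DHCPREQUEST frame and compares the BOOTP chaddr field with the Ethernet source address, using the two MAC addresses from the question. The frame builder, the function names and the transaction ID are assumptions made for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DHCPDISCOVER", 3: "DHCPREQUEST", 4: "DHCPDECLINE", 7: "DHCPRELEASE"}

def cisco_mac(raw):
    """Render 6 raw bytes in the dotted form the switch log uses."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def build_request(src_mac, chaddr, msg_type=3):
    """Constructed sample frame: Ethernet/IPv4/UDP/BOOTP, checksums left at zero."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                        b"", b"", b"", b"", chaddr, b"", b"")
    bootp += MAGIC + bytes([53, 1, msg_type, 255])   # option 53 = message type, 255 = end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip

def check_chaddr(frame):
    """Return (match, message_type, chaddr, mac_sa), or None if not a client DHCP frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                   # not IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4                 # honour the IP header length
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return None                                   # not client port 68 -> server port 67
    if bootp[236:240] != MAGIC or bootp[1:3] != b"\x01\x06":
        return None                                   # not DHCP over Ethernet (htype 1, hlen 6)
    src, chaddr, mtype, i = frame[6:12], bootp[28:34], None, 240
    while i + 1 < len(bootp) and bootp[i] != 255:     # walk the TLV options
        if bootp[i] == 0:                             # pad option has no length byte
            i += 1
            continue
        if bootp[i] == 53 and bootp[i + 1] == 1 and i + 2 < len(bootp):
            mtype = bootp[i + 2]
        i += 2 + bootp[i + 1]
    return (chaddr == src, MSG_TYPES.get(mtype, "UNKNOWN"), cisco_mac(chaddr), cisco_mac(src))

WIRED = bytes.fromhex("0040f4186d8a")   # Realtek NIC from the ipconfig output
WIFI = bytes.fromhex("0015e9cf190b")    # wireless NIC from the ipconfig output

def demo():
    """Mismatching frame as in the log, then a frame whose chaddr equals its source MAC."""
    return check_chaddr(build_request(WIRED, WIFI)), check_chaddr(build_request(WIRED, WIRED))
```
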

Guest

Re:DHCP snooping log message

Post by Guest » Sun Jan 25, 2009 12:15 pm

Hi Peter,

Many thanks for the great explanation. I will turn off the Wi-Fi card and then monitor for messages.

mahesh

mmoore

Re: DHCP snooping log message

Post by mmoore » Tue Jul 31, 2018 12:51 pm

This is an old post but I wanted to thank you for that post. Very much helped me understand it. Almost 10 years old and it's still extremely helpful. Thanks a lot.
