davide
New Contributor

Netvanta 1638p DHCP snooping issue

Adtran Netvanta 1638p

I enabled the DHCP snooping feature in our network domain and the 10.0.94.13 wireless access point was not working anymore.

What is the right solution?

ip hw-access-list extended DENY-DHCP

  permit udp host 10.0.94.29  any eq bootps

  permit udp host 10.0.94.29  any eq bootpc

  permit ip host 10.0.94.13 any

  deny   udp any  any eq bootps

  deny   udp any  any eq bootpc

  permit ip any  any 

hw-access-map MAP1

vlans 3

forward ip DENY-DHCP

5 Replies
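An added example (not from any poster or from ADTRAN): a Python model that runs constructed DHCP packets through the DENY-DHCP entries posted above, top-down, first match wins. It assumes that a trailing `eq <port>` matches the destination port and that entries are evaluated in order, as in Cisco-style extended lists; the client address 10.0.94.77 and the second server 10.0.94.50 are made up.

```python
import ipaddress
PORTS = {"bootps": 67, "bootpc": 68}  # DHCP server and client UDP ports

# Entries copied from the DENY-DHCP list in the first post.
ACL_TEXT = """
permit udp host 10.0.94.29  any eq bootps
permit udp host 10.0.94.29  any eq bootpc
permit ip host 10.0.94.13 any
deny   udp any  any eq bootps
deny   udp any  any eq bootpc
permit ip any  any
"""

def parse_rule(line):
    """Parse '<action> <proto> <src> <dst> [eq <dst port>]' (host/any only)."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    addrs = []
    while len(addrs) < 2:
        word = rest.pop(0)
        addrs.append(None if word == "any" else ipaddress.ip_address(rest.pop(0)))
    dport = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": addrs[0], "dst": addrs[1],
            "dport": dport, "text": " ".join(tok)}

def first_match(rules, proto, src, dst, dport):
    """Return (action, entry text) for the first entry the packet matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["proto"] in ("ip", proto) and r["src"] in (None, src)
                and r["dst"] in (None, dst) and r["dport"] in (None, dport)):
            return r["action"], r["text"]
    return "deny", "no entry matched (implicit deny assumed)"

RULES = [parse_rule(l) for l in ACL_TEXT.strip().splitlines()]
# Constructed UDP packets: (label, source, destination, destination port).
PACKETS = [
    ("DISCOVER from wireless client", "0.0.0.0", "255.255.255.255", 67),
    ("OFFER from 10.0.94.29", "10.0.94.29", "255.255.255.255", 68),
    ("renewal REQUEST from a client", "10.0.94.77", "10.0.94.29", 67),
    ("OFFER from an unlisted server", "10.0.94.50", "255.255.255.255", 68),
    ("NTP query sent by the AP", "10.0.94.13", "10.0.94.14", 123),
]

def evaluate():
    return {label: first_match(RULES, "udp", s, d, p) for label, s, d, p in PACKETS}

if __name__ == "__main__":
    for label, (action, entry) in evaluate().items():
        print(f"{action:6} {label:30} matched: {entry}")
```

Under those assumptions a client DISCOVER, which leaves with source 0.0.0.0 and destination port 67, reaches `deny udp any any eq bootps` before any entry permits it, and the `permit ip host 10.0.94.13 any` entry only covers traffic sourced from the AP's own address.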
Anonymous
Not applicable

Re: Netvanta 1638p DHCP snooping issue

- Thanks for posting your question on the forum!

Could you tell me what you mean by the wireless access point was not working anymore? Also, which port is the wireless access point plugged into? Please post the switchport configuration for it as well. Also, which port is your DHCP server plugged in? Please post the switchport configuration for it as well.

You may find the following thread helpful:

Let us know if you have any questions.

Thanks,

Noor

davide
New Contributor

Re: Netvanta 1638p DHCP snooping issue

The domain controller is on port 0/31 and the CISCO AP1041 on port 0/3.

The wireless users cannot lease an IP address.

Here is my config file:

!

!

! ADTRAN, Inc. OS version R10.9.4

! Boot ROM version R10.3.0.SB

! Platform: NetVanta 1638P, part number 1700569F1

! Serial number LBADTN1330AA497

!

!

hostname "Netvanta-1638P"

enable password encrypted 1c17d6b091f3a8886dd56ab626c7076837d1

!

clock timezone -6-Central-Time

clock no-auto-correct-DST

!

ip subnet-zero

ip classless

ip routing

host "mail.aerotecheng.org" 66.49.32.186

host "mx.aerotecheng.org" 174.79.200.12

host "remote.aerotecheng.org" 174.79.200.13

host "wireless.aerotecheng.org" 174.79.200.14

domain-name "atedc.aero.local"

domain-proxy

name-server 10.0.94.29

!

!

ip route-cache express

!

no auto-config

!

event-history on

no logging forwarding

no logging email

!

service password-encryption

!

username "admin" password encrypted "464d541d51fdb8ae0067f7f051e320bf9b29"

username "dlonigro" password encrypted "2229b429dbe752c0149c7c59c76a551b8c23"

!

banner login #

Unauthorized access to this device is strictly prohibited and if you got inadvertently exit immediately!

#

!

!

!

!

!

!

dot11ap access-point-control

dos-protection 4,6,20,40-41,60-61,100

no desktop-auditing dhcp

no network-forensics ip dhcp

!

!

!

!

!

qos dscp-cos 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7

! DSCP to CoS mapping only operates on ports that have 'qos trust cos' applied

!

spanning-tree priority 0

!

gvrp

!

!

!

!

vlan 1

  name "Default"

!

vlan 2

  name "pubblic-IP-switch"

!

vlan 3

  name "AEROTECH"

!

vlan 5

  name "Voice"

!

vlan 6

  name "Wireless"

!

vlan 7

  name "DataBackup"

!

interface loop 1

  ip address  172.16.1.14  255.255.255.255

  no shutdown

!

interface eth 0/1

  description Management Interface

  ip address  172.16.1.15  255.255.255.0

  no awcp

  shutdown

!

!

interface gigabit-switchport 0/1

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/2

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/3

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/4

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/5

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/6

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/7

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/8

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/9

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/10

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/11

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/12

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/13

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/14

  no shutdown

  switchport access vlan 3

  qos trust cos

!

interface gigabit-switchport 0/15

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/16

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/17

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/18

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/19

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/20

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/21

  no shutdown

  switchport access vlan 3

  qos trust cos

!

interface gigabit-switchport 0/22

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/23

  speed 1000

  no shutdown

  switchport access vlan 3

  qos trust cos

!

interface gigabit-switchport 0/24

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/25

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/26

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/27

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/28

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/29

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/30

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/31

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/32

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/33

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/34

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/35

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/36

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/37

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/38

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/39

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/40

  no shutdown

  switchport access vlan 3

!

interface gigabit-switchport 0/41

  no shutdown

!

interface gigabit-switchport 0/42

  no shutdown

!

interface gigabit-switchport 0/43

  no shutdown

!

interface gigabit-switchport 0/44

  no shutdown

!

interface gigabit-switchport 0/45

  no shutdown

  switchport access vlan 2

!

interface gigabit-switchport 0/46

  no shutdown

  switchport access vlan 2

!

interface gigabit-switchport 0/47

  no shutdown

  switchport access vlan 2

!

interface gigabit-switchport 0/48

  no shutdown

  switchport access vlan 2

!

!

interface xgigabit-switchport 1/1

  no shutdown

  switchport mode trunk

  switchport trunk allowed vlan 1-7

  speed auto

  no lldp send-and-receive

!

interface xgigabit-switchport 1/2

  no shutdown

  switchport mode access

  speed 1000

!

!

!

interface vlan 1

  ip address  10.0.92.14  255.255.255.0

  ip route-cache express

  no shutdown

!

interface vlan 2

  no ip address

  ip route-cache express

  shutdown

!

interface vlan 3

  ip address  10.0.94.14  255.255.255.0

  ip route-cache express

  no shutdown

!

!

!

!

!

ip hw-access-list extended DENY-DHCP

  permit udp host 10.0.94.29  any eq bootps  

  permit udp host 10.0.94.29  any eq bootpc  

  deny   udp any  any eq bootps  

  deny   udp any  any eq bootpc  

  permit ip any  any   

!

!

!

ip route 0.0.0.0 0.0.0.0 10.0.94.1

ip route 10.0.94.0 255.255.255.0 10.0.94.1

ip route 172.16.1.10 255.255.255.255 10.0.94.10

ip route 172.16.1.17 255.255.255.255 10.0.94.17

!

no tftp server

no tftp server overwrite

no http server

http secure-server

no snmp agent

no ip ftp server

ip ftp server default-filesystem flash

no ip scp server

no ip sntp server

!

!

!

!

!

!

!

!

line con 0

  login

  password encrypted 1e1583c47be78c1e476c10ca32c391e0d94a

!

line telnet 0 4

  login

  password encrypted 151ef24f7d0a9f593caa0a333f0d2e5fc846

  shutdown

line ssh 0 4

  login local-userlist

  no shutdown

!

sntp server us.pool.ntp.org

!

!

!

end

Anonymous
Not applicable

Re: Netvanta 1638p DHCP snooping issue

- Your configuration for filtering DHCP traffic looks correct. Would you be able to obtain a packet capture off a port mirror on the port that the AP is connected to? This would probably give us the best picture as to whether DHCP broadcasts are being sent and received using that port.

Please do not hesitate to let us know if you have any questions.

Thanks,

Noor

Anonymous
Not applicable

Re: Netvanta 1638p DHCP snooping issue

davide:

Do you still have further questions on this post?  Please, do not hesitate to reply.

Levi

Anonymous
Not applicable

Re: Netvanta 1638p DHCP snooping issue

davide:

I went ahead and flagged "Assumed Answered" on this post to make it more visible and help other members of the community find solutions more easily. If you feel like there is a better answer, feel free to come back to this post and select it with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi