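Recently I troubleshot a network fault where DHCP snooping was enabled on the switch and clients could not get an IP address, even though the router acting as the DHCP server was connected to a trusted port.
After further packet analysis and debugging on both the switch and the router, I found something strange:
On the switch: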
sw1#debug ip dhcp snooping packet
DHCP Snooping Packet debugging is on
sw1#
*Jan 9 10:17:29.337: DHCP_SNOOPING: received new DHCP packet from input interface (GigabitEthernet0/0)
*Jan 9 10:17:29.340: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Gi0/0, MAC da: ffff.ffff.ffff, MAC sa: 0050.7966.6800, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0050.7966.6800
*Jan 9 10:17:29.340: DHCP_SNOOPING: message type : DHCPDISCOVER DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 0050.7966.6800
*Jan 9 10:17:29.341: DHCP_SNOOPING: add relay information option.
*Jan 9 10:17:29.341: DHCP_SNOOPING_SW: encoding opt82 cid in vlan-mod-port format
*Jan 9 10:17:29.342: DHCP_SNOOPING_SW: Encoding opt82 RID in MAC address format
*Jan 9 10:17:29.342: DHCP_SNOOPING: binary dump of relay info option, length: 20 data:
*Jan 9 10:17:29.343: 0x52
*Jan 9 10:17:29.343: 0x12
*Jan 9 10:17:29.344: 0x1
*Jan 9 10:17:29.344: 0x6
*Jan 9 10:17:29.345: 0x0
*Jan 9 10:17:29.345: 0x4
*Jan 9 10:17:29.346: 0x0
*Jan 9 10:17:29.346: 0x1
*Jan 9 10:17:29.347: 0x0
*Jan 9 10:17:29.347: 0x0
*Jan 9 10:17:29.347: 0x2
*Jan 9 10:17:29.348: 0x8
*Jan 9 10:17:29.348: 0x0
*Jan 9 10:17:29.349: 0x6
*Jan 9 10:17:29.349: 0xC
sw1#
*Jan 9 10:17:29.350: 0x27
*Jan 9 10:17:29.350: 0xBB
*Jan 9 10:17:29.351: 0x0
*Jan 9 10:17:29.351: 0x9F
*Jan 9 10:17:29.352: 0x0
*Jan 9 10:17:29.353: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (1)
*Jan 9 10:17:29.353: DHCP_SNOOPING_SW: bridge packet send packet to port: GigabitEthernet0/1, vlan 1.
On the router/DHCP server:
DHCP#debug ip dhcp server packet
DHCP server packet debugging is on.
DHCP#
*Jan 9 10:17:50.919: DHCPD: inconsistent relay information.
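*Jan 9 10:17:50.921: DHCPD: relay information option exists, but giaddr is zero.
After some more digging, I found this:
Note that by default, Cisco IOS devices reject packets with zero "giaddr", and by default Cisco Catalyst switches use a "giaddr" of zero when configured for DHCP snooping! (source)
Now, I don't know much about the giaddr field, and I understand that the DHCP server is supposed to send the offer to the giaddr address rather than to the address it received the request from.
So my question is: why does the Cisco switch turn giaddr into all zeros when it sends the packet to the DHCP server while DHCP snooping is enabled?
Posted on 2019-01-09 18:41:25
Technically, it isn't setting giaddr to anything. The original request has the field empty, and the switch doesn't change it because it isn't an actual DHCP relay. The problem is that the switch adds option 82, and the IOS dhcpd doesn't like that. Turn off option 82 with no ip dhcp snooping information option and your problem will go away. IOS doesn't do anything with that information anyway.
(ip dhcp snooping glean is also an option -- read-only snooping)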
https://networkengineering.stackexchange.com/questions/55970
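The 20 bytes in the switch's relay-information dump can be decoded to see exactly what the snooping switch inserted. The following is an added example, not part of the original question or answer: it parses those bytes as DHCP option 82 and models the condition the DHCPD debug reports. The circuit-id and remote-id layouts are assumed from the "vlan-mod-port" and "MAC address format" lines in the log, and all function names are hypothetical.

```python
# Relay-information bytes copied from the sw1 debug dump on this page.
DUMP = "52 12 01 06 00 04 00 01 00 00 02 08 00 06 0C 27 BB 00 9F 00"


def parse_option82(raw: bytes) -> dict:
    """Split DHCP option 82 (relay agent information) into its sub-options."""
    if len(raw) < 2 or raw[0] != 82:
        raise ValueError("not a relay agent information option")
    if raw[1] != len(raw) - 2:
        raise ValueError("option length does not match payload")
    subopts, i, body = {}, 0, raw[2:]
    while i < len(body):
        # Each sub-option is code, length, value; reject one that overruns.
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            raise ValueError("truncated sub-option")
        code, length = body[i], body[i + 1]
        subopts[code] = body[i + 2:i + 2 + length]
        i += 2 + length
    return subopts


def decode_cisco(subopts: dict) -> dict:
    """Assumed layout: circuit-id = type 0, len 4, VLAN, module, port;
    remote-id = type 0, len 6, switch MAC address."""
    out = {}
    cid = subopts.get(1)
    if cid and len(cid) == 6 and cid[0] == 0 and cid[1] == 4:
        out["vlan"] = int.from_bytes(cid[2:4], "big")
        out["module"], out["port"] = cid[4], cid[5]
    rid = subopts.get(2)
    if rid and len(rid) == 8 and rid[0] == 0 and rid[1] == 6:
        h = rid[2:].hex()
        out["remote_id_mac"] = ".".join(h[j:j + 4] for j in (0, 4, 8))
    return out


def server_would_reject(giaddr: str, has_option82: bool) -> bool:
    """Model of the DHCPD debug message: option 82 present but giaddr zero."""
    return has_option82 and giaddr == "0.0.0.0"


if __name__ == "__main__":
    fields = decode_cisco(parse_option82(bytes.fromhex(DUMP)))
    print(fields)
    print("rejected:", server_would_reject("0.0.0.0", True))
```

The decoded VLAN 1, module 0, port 0 matches the ingress interface Gi0/0 and VLAN shown in the switch debug, and the rejection check is true for the DISCOVER in the log because its giaddr is 0.0.0.0.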