What does this message indicate?

Cisco IOS Software displays the following message: DHCP_SNOOPING_5-DHCP_SNOOPING_MATCH_MAC_FAIL. What does this message indicate?

Cisco IOS Software displays the following message: DHCP_SNOOPING_5-DHCP_SNOOPING_MATCH_MAC_FAIL. What does this message indicate?

A.
The message indicates that an attacker is pretending to be a DHCP server on an untrusted
port.

B.
The source MAC address in the Ethernet header does not match the address in the “chaddr”
field of the DHCP request message.

C.
The message indicates that the DHCP snooping has dropped a DHCP message that claimed
an existing, legitimate host is present on an unexpected interface.

D.
A Layer 2 port security MAC address violation has occurred on an interface that is set up for
untrusted DHCP snooping.

Explanation:
Actual Log from Switch configured for DHCP spoofing
007850: Nov 26 09:02:55.484 CET: %DHCP_SNOOPING-5-DHCP_SNOOPING_MATCH_MAC_FAIL:
DHCP_SNOOPING drop message because the chaddr doesn’t match source mac, message type:
DHCPRELEASE, chaddr: 0016.4487.6527, MAC sa: 0017.422e.d204
The switch logging message basically says that the MAC address of the client contained in the
chaddr (client hardware address) field in the DHCP message does not match the source MAC
address of the frame in which the DHCP message is encapsulated. In other words, the interfacefor
which the DHCP message was created does not match the interface through which the message
was actually transmitted.

https://supportforums.cisco.com/thread/344460



Leave a Reply 0

Your email address will not be published. Required fields are marked *

1 + 5 =