Title: How to troubleshoot the issue that users cannot access the Internet after configuring DHCP snooping on NBS Switch? [Print this page] Author: zhangqiao@ruiji Time: 2025-7-29 11:14 Title: How to troubleshoot the issue that users cannot access the Internet after configuring DHCP snooping on NBS Switch? 1. Fault Phenomenon:
After enabling DHCP Snooping on the NBS switch, the following anomalies occurred:
End point cannot obtain IP address
The end point has obtained an address assigned by an illegal DHCP server
DHCP Binding Table not generated or abnormal
Specific ports cannot forward DHCP packets
Key Point:
Is DHCP Snooping globally enabled?
Is the Trusted Port configured?
Is there an illegal DHCP server?
Whether to enable related functions such as IP Source Guard? 2. Analysis of the Problem Cause
According to the content of the Knowledge Base, possible causes include:
Trusted port not configured : The port connected to the legitimate DHCP server was not set as a trusted port, resulting in the blocking of legitimate DHCP responses.
Unauthorized DHCP Server Exists: An unauthorized DHCP server is still running on the network.
Function Conflict: IP Source Protection is enabled while DHCP Binding Table is not configured.
Version Limitation: Older firmware versions have DHCP Snooping compatibility issues.
Port mode error: Access port fails to correctly allow VLAN traffic. 3. Troubleshooting Steps and Solutions Step 1: Verify the basic configuration
Path: Project > Device Config> DHCP Snooping Check Item:
Confirm Global DHCP Snooping is enabled
Set the port connected to a legitimate DHCP server astrusted port(usually the uplink port)
Non-trusted ports (ports connected to end points) remain in the default non-trusted state Step 2: Troubleshoot illegal DHCP servers
Detection Method :Capture packets on the untrusted port of the switch to check if DHCP responses from the untrusted port are receivedUse AI diagnosis to detect DHCP conflicts in the networkSolution ocate and shut down illegal DHCP servers
Or enable DHCP Snooping blocking in bulk via the cloud: Step 3: Check the configuration of the associated function
IP Source Protection Dependency Relationship:
If IP source protection is enabled, the DHCP Snooping binding table must be generated first
Path: Project >Device Config> Ip Source GuardVLAN Pass-through Verification:
Confirm that the VLAN where the end point is located has been allowed to pass through the port Step 4: Firmware Version Upgrade
Log in to the Web interface to check the version:
If the version is lower than ReyeeOS 2.340, it is necessary to upgrade to the latest version to resolve known compatibility issues
Welcome to Ruijie Community (https://community.ruijie.com/)
Check Item: 
Solution 
ocate and shut down illegal DHCP servers
VLAN Pass-through Verification: