Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

ESW 520 ARP Inspection Problem

ngtransge
Level 1
Level 1

‎08-06-2012 03:12 PM

Hello,

I have observed strange behavior on ESW 520 switches, with ARP Inspection operation.  ARP inspection is configured with static ip to mac bindings, and it work.Problem is with logs, switch generates tons of ARP inspection logs, during network normal operation, but network endpoints are working well. These logs are same witch are generated during ARP poisoning in network. This operation was observed in older and new firmware.

Here is sample log:

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:5a:85:2e SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e1 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:03 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.16

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:19:85:26 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.15

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e1 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:03 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.16

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:12:85:2e SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:11:85:26 SRC I

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.1

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e8 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:14:85:0c SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.14

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e3 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:3f SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.12

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e8 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:51:85:0c SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.14

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10

Informational %ARPINSP-I-PCKTLOG: ARP packet dropped

from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:57:85:26 SRC IP

0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.15

It seems switch dont like ARP request which are going to local network addresses., but in that vlan all host can communicate which each other.

Do you have any idea what can be the problem ?

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic