Invalid ARP

eXPlosion
Level 1

Often in the switch log we see

Feb 13 12:30:21.418 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/14, vlan 159.([xxxx.9b4f.645c/xx.240.9.159/xxxx.742d.5400/xx.240.9.190/12:30:20 GMT Sat Feb 13 2016])

and dhcp snooping binding says:

1#sh ip dhcp snooping binding int f0/14
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
xx:xx:9B:4F:64:5C xx.240.9.159 3430 dhcp-snooping 159 FastEthernet0/14

It seems that the client on port 14 is doing a man-in-the-middle attack, but very often EXACTLY that client says that the service is not working. Also, the MAC and IP in the binding and in the log MATCH. Can anyone explain this situation?
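The comparison described in the post can be scripted for triage. The following is an added example, not part of the original post: it parses the DAI deny message and the `show ip dhcp snooping binding` output quoted above and checks whether the ARP sender pair has a binding on the same VLAN and port. It assumes the bracketed fields are sender MAC / sender IP / target MAC / target IP; the function names are hypothetical.

```python
import re

# Sample input copied from the post above (addresses masked with 'x' as posted).
LOG = ("Feb 13 12:30:21.418 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) "
       "on Fa0/14, vlan 159.([xxxx.9b4f.645c/xx.240.9.159/xxxx.742d.5400/"
       "xx.240.9.190/12:30:20 GMT Sat Feb 13 2016])")
BINDINGS = """\
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
xx:xx:9B:4F:64:5C xx.240.9.159 3430 dhcp-snooping 159 FastEthernet0/14
"""

# Assumed field order inside the brackets: sender MAC/sender IP/target MAC/target IP.
DAI_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: \d+ Invalid ARPs \((?P<kind>\w+)\) on "
    r"(?P<port>\S+), vlan (?P<vlan>\d+)\.\(\[(?P<smac>[^/]+)/(?P<sip>[^/]+)/"
    r"(?P<tmac>[^/]+)/(?P<tip>[^/]+)/")

def norm_mac(mac):
    """xxxx.9b4f.645c and xx:xx:9B:4F:64:5C both become xxxx9b4f645c."""
    return re.sub(r"[.:\-]", "", mac).lower()

def norm_port(name):
    """Fa0/14 and FastEthernet0/14 both become ('fa', '0/14')."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return (m.group(1)[:2].lower(), m.group(2)) if m else (name.lower(), "")

def parse_bindings(text):
    """Return (mac, ip, vlan, port) tuples; header and separator rows are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[4].isdigit():
            rows.append((norm_mac(f[0]), f[1], int(f[4]), norm_port(f[5])))
    return rows

def check(log_line, bindings_text):
    """Parse one DAI deny line and look its sender pair up in the binding table."""
    m = DAI_RE.search(log_line)
    if not m:
        return None
    d = m.groupdict()
    key = (norm_mac(d["smac"]), d["sip"], int(d["vlan"]), norm_port(d["port"]))
    return {"kind": d["kind"],
            "sender": (d["smac"], d["sip"]),
            "target": (d["tmac"], d["tip"]),
            "sender_in_bindings": key in parse_bindings(bindings_text)}

if __name__ == "__main__":
    print(check(LOG, BINDINGS))
```

Run against the two excerpts from the post, it separates the sender and target fields of the denied ARP and reports whether the sender pair is present in the binding table for that VLAN and interface.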
