02-13-2016 09:33 AM - edited 03-10-2019 01:06 PM
Offten in switch logg we see
Feb 13 12:30:21.418 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/14, vlan 159.([xxxx.9b4f.645c/xx.240.9.159/xxxx.742d.5400/xx.240.9.190/12:30:20 GMT Sat Feb 13 2016])
and dhcp snooping binding says:
1#sh ip dhcp snooping binding int f0/14
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
xx:xx:9B:4F:64:5C xx.240.9.159 3430 dhcp-snooping 159 FastEthernet0/14
It seems that client on 14 port is doing Man in the middle attack, but very often EXACTLY that client says that service is not working. And also mac and ip in binding and logging MATCH. Can anyone explain this situation?
Solved! Go to Solution.