09-23-2013 08:28 PM - edited 03-04-2019 09:07 PM
Hi ,
We have a serious issue in our environment with the ARP inspection feature. We are enabling this feature on all our sites' switches and we are even increasing the limit rate to 100, but still the ports are going to error-disable state! Sometimes we put the command (ip arp inspection trust), but still some ports are going to err-disable state. We are getting some logs like:
%SW_DAI-4-PACKET_RATE_EXCEEDED: 128 packets received in 139 milliseconds on Fa2/9.
%PM-4-ERR_DISABLE: arp-inspection error detected on Fa2/9, putting Fa2/9 in err-disable state
So what are the causes of increasing this limit rate to 200 or 300, for example?
Note: The issue is happening on different switch models and different IOS versions.
09-24-2013 01:09 AM
128 ARP packets in 139 ms is a lot in my experience, we had our limit at 20 per second and that was ample.
Are these on end user switches or data centre switches?
Can you post the config of an example switch?
Personally, I would be SPANning a port which has the issue to see what's going on.
09-24-2013 08:52 PM
09-30-2013 03:24 AM
We run a university campus, and we see a big increase in arp-traffic the last year.
A few years ago we implemented dynamic arp inspection on our student-networks.
The default rate-limit of 15pps was initially enough.
Last year we had a lot of cases where the rate-limit was triggered, and by default we set it now to 100.
This year the students are starting to come in again, and we notice quite a few connections where the limit of 100 is triggered,
even 300 often does not seem to be enough.
The "problem" seems to be client side by things like bonjour-service or network-discovery services that cause massive amounts of ARPs.
The amount of devices that cause high rates of ARP packets increases, as well as the amount they send.
So either we go for a lot of work for us to find out which all of these programs are, then a lot of work for our helpdesk to help students to disable them all or we increase the limit rate to 2000 or something, perhaps even unlimited.
If anyone else is experiencing this, I would be interested to know how you decided to handle this.
09-30-2013 06:20 AM
This is interesting. We saw similar increases after the rollout of new Windows clients in our /22 subnets a couple of years ago.
We had to set the rate-limit value to 500 pps in order to achieve an acceptable amount of "false positives".
I couldn't spend much time on it, but it looked like DAI took sent and also received ARP traffic into account. In any case I saw ports being err-disabled that didn't send nearly as much as the port's rate-limit was configured to.
Meanwhile the security officer decided to no longer use DAI.
09-30-2013 03:38 AM
That does seem like an unusual amount for end user devices.
Are you able to run a sniffer on the devices to see which service is causing all the ARP requests? e.g. what it is ARPing for would be a clue.
Could potentially possibly be a malicious application.
09-22-2022 07:43 AM
Same issues here. Switchports continue to err-disable. The MAC is a8a1.5991.9fd0, and we have Infoblox provide DHCP IP 10.48.11.96.
Should the device be statically assigned the IP address 10.48.11.96 to resolve the issue?
.Sep 22 10:25:23.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.53/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:23.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.47/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:23.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.52/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:23.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.31/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:24.904: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.72.20.10
.Sep 22 10:25:24.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.32/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:24.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.34/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:24.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.35/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:24.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.36/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:24.998: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.37/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:26.008: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.46/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:26.008: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.50/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:26.008: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.48/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:26.008: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.38/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:26.008: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.39/10:25:23 EDT Thu Sep 22 2022])
.Sep 22 10:25:45.626: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.74.20.10
.Sep 22 10:27:09.901: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.72.20.10
.Sep 22 10:27:30.626: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.74.20.10
.Sep 22 10:28:54.909: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.72.20.10
.Sep 22 10:29:15.626: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.74.20.10
.Sep 22 10:30:23.885: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi1/24
.Sep 22 10:30:39.909: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.72.20.10
.Sep 22 10:31:00.625: %CTS-3-PAC_PROVI_FAIL: PAC Provisioning failed for 10.74.20.10
.Sep 22 10:31:04.908: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/5057.a87d.2d7f/10.48.11.1/10:31:04 EDT Thu Sep 22 2022])
.Sep 22 10:31:05.387: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: stkmj1] [Source: 10.71.80.64] [localport: 22] at 10:31:05 EDT Thu Sep 22 2022
.Sep 22 10:31:06.910: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.96/10:31:06 EDT Thu Sep 22 2022])
.Sep 22 10:31:06.910: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/5057.a87d.2d7f/10.48.11.1/10:31:06 EDT Thu Sep 22 2022])
.Sep 22 10:31:07.924: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.1/10:31:07 EDT Thu Sep 22 2022])
.Sep 22 10:31:08.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.1/10:31:08 EDT Thu Sep 22 2022])
.Sep 22 10:31:09.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.1/10:31:09 EDT Thu Sep 22 2022])
.Sep 22 10:31:09.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/5057.a87d.2d7f/10.48.11.1/10:31:09 EDT Thu Sep 22 2022])
.Sep 22 10:31:10.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.53/10:31:10 EDT Thu Sep 22 2022])
.Sep 22 10:31:10.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.47/10:31:10 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.928: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/5057.a87d.2d7f/10.48.11.1/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.928: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/accc.8e7b.79e9/10.48.11.34/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.928: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.1/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.928: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.53/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.928: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.47/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.958: %SW_DAI-4-PACKET_RATE_EXCEEDED: 20 packets received in 322 milliseconds on Gi1/24.
.Sep 22 10:31:11.958: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi1/24, putting Gi1/24 in err-disable state
.Sep 22 10:31:12.940: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.52/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:12.941: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.31/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:12.941: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.32/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:12.941: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.33/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:12.941: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.35/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:13.943: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.36/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:13.943: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.37/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:13.944: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.46/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:13.944: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.50/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:13.944: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.48/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:14.944: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.38/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:14.944: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.39/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:14.944: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.60/10:31:11 EDT Thu Sep 22 2022])
PC-OPS-CORE-SW#
PC-OPS-CORE-SW#
PC-OPS-CORE-SW#
PC-OPS-CORE-SW#
PC-OPS-CORE-SW#
PC-OPS-CORE-SW#show run int gig1/24
Building configuration...
Current configuration : 720 bytes
!
interface GigabitEthernet1/24
description NVR-ASRock_9fd0
switchport access vlan 40
switchport mode access
authentication event fail action next-method
authentication event server dead action reinitialize vlan 40
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast edge
spanning-tree bpduguard enable
end
PC-OPS-CORE-SW
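As an added example (not part of any post in this thread): a short Python script that parses the two SW_DAI message types quoted above, totals denied ARPs per port, and converts each PACKET_RATE_EXCEEDED burst into an equivalent packets-per-second figure. The function name `summarize` is an illustrative choice, and the embedded sample lines are copied from the logs quoted in the thread.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the syslog messages quoted in this thread.
SAMPLE_LOG = """\
.Sep 22 10:31:10.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.53/10:31:10 EDT Thu Sep 22 2022])
.Sep 22 10:31:10.922: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/0000.0000.0000/10.48.11.47/10:31:10 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.928: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/24, vlan 40.([a8a1.5991.9fd0/10.48.11.96/5057.a87d.2d7f/10.48.11.1/10:31:11 EDT Thu Sep 22 2022])
.Sep 22 10:31:11.958: %SW_DAI-4-PACKET_RATE_EXCEEDED: 20 packets received in 322 milliseconds on Gi1/24.
%SW_DAI-4-PACKET_RATE_EXCEEDED: 128 packets received in 139 milliseconds on Fa2/9.
"""

# Bracketed fields: sender MAC / sender IP / target MAC / target IP / timestamp
DENY_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: (\d+) Invalid ARPs \((Req|Res)\) on (\S+), vlan (\d+)\."
    r"\(\[([0-9a-f.]+)/([\d.]+)/([0-9a-f.]+)/([\d.]+)/")
RATE_RE = re.compile(
    r"%SW_DAI-4-PACKET_RATE_EXCEEDED: (\d+) packets received in (\d+) milliseconds on (\S+?)\.?$")


def summarize(log_text):
    """Return (denies, bursts), each a dict keyed by switch port."""
    denies = defaultdict(lambda: {"packets": 0, "senders": set(), "targets": set()})
    bursts = defaultdict(list)
    for line in log_text.splitlines():
        line = line.rstrip()
        m = DENY_RE.search(line)
        if m:
            count, _op, port, _vlan, smac, sip, _tmac, tip = m.groups()
            entry = denies[port]
            entry["packets"] += int(count)
            entry["senders"].add((smac, sip))   # who is failing the binding check
            entry["targets"].add(tip)           # how many hosts it is ARPing for
            continue
        m = RATE_RE.search(line)
        if m:
            pkts, ms, port = int(m.group(1)), int(m.group(2)), m.group(3)
            # Extrapolated rate over the logged window, for comparison only.
            bursts[port].append((pkts, ms, round(pkts * 1000 / ms)))
    return dict(denies), dict(bursts)


if __name__ == "__main__":
    denies, bursts = summarize(SAMPLE_LOG)
    for port, d in denies.items():
        print(port, "denied:", d["packets"], "senders:", sorted(d["senders"]),
              "distinct targets:", len(d["targets"]))
    for port, events in bursts.items():
        for pkts, ms, pps in events:
            print(port, f"burst: {pkts} pkts / {ms} ms (~{pps} pps)")
```

DHCP_SNOOPING_DENY counts ARPs that did not match a DHCP snooping binding, while PACKET_RATE_EXCEEDED is the rate limiter, so the two totals point at different causes on the same port.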
09-22-2022 08:40 AM
ARP can be sent by IP device tracking, which will be sent via the trunk, and hence you get err-disable. Are you running IPDT?
09-29-2022 12:22 PM - edited 09-29-2022 12:50 PM
MHM - what would you recommend in regards to IPDT? I'm running into a similar issue. I'm running DHCP snooping + DAI and I'm having random Cisco phones go err-disabled (running default rates).
%SW_DAI-4-PACKET_RATE_EXCEEDED: 18 packets received in 546 milliseconds on Gi1/0/3
So far I'm looking at increasing the rate to 30 pps + adding a burst of 15: "ip arp inspection limit rate 30 burst interval 15". Also, I'm adding err-disable recovery for ARP: "errdisable recovery cause arp-inspection". I'm just curious if something with IPDT could help.
10-01-2022 05:46 AM - edited 10-01-2022 06:18 AM
https://bst.cisco.com/bugsearch/bug/CSCvd51480
Please check this bug and how Cisco deals with trunks in case IPDT and DAI are enabled.
Hope this helps you.