Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3984
Views
0
Helpful
2
Replies

Catalyst C2960S %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs

David.Schmidt11
Level 1
Level 1

‎05-15-2017 04:30 AM - edited ‎03-05-2019 08:32 AM

Hello,

we have on one of our Costumer Switches (Catalyst C2960-S9  Version 12.2(58)SE2) a Problem regarding Invalid ARPs:

May 15 09:39:38.839 CEST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/12, vlan 10.

May 15 12:51:34.385 CEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/12, vlan 10.

We have Mutliple Entrys in the Log, and our Pings to the Client look like this:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..............................!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!..............................!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!..............................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
..............................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..........
....................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!....................
...........!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.............................
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..............................!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!..............................!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!..............................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!...............................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........
......................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..................
............!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!............................
..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!........................

Does someone knew which Cisco Bug this is (Found something in another Thread, but they didn't sayed which Bug ID it was).

Labels:
0 Helpful
2 Replies 2

Spooster IT Services
Level 7
Level 7

‎05-15-2017 01:02 PM

Hi David.Schmidt11,

These logs entries are indicating that ARP inspection droping the packet as the arp request is not matching the DHCP snooping binding table. Verify that "sh ip dhcp snooping binding" entry and ARP request must be matching.

Spooster IT Services Team
0 Helpful

Hitesh Vinzoda
Level 4
Level 4

‎05-15-2017 09:13 PM

someone is spoofing ARP on port 1/0/12, get the device checked for any infections connected on the port.

Thanks

Hitesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card