Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
0
Replies

ARP inspection - Help for Thin client

yoann.wolf67
Level 1
Level 1

‎07-12-2016 02:56 AM - edited ‎03-08-2019 06:35 AM

Hello everyone,

I'm currently working on LAN securization in my company.

We decided to deploy those following features :

Port security

BPDU Guard

DHCP Snooping

ARP inspection

In some factory, we've a lot of moving station (ex Thin client)

Due to the arp inspection, sometimes when we move from one vlan to another vlan, we've a lot of syslog

Juste let me give you an example :

We had a thin client connected to FA0/6 on vlan number 106. Then someone needed to move this client on FA0/16 which is linked to the vlan number 114 and finally we get this log :


Jun 17 11:31:36.870 PARIS: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/16, vlan 114.([dc4a.3e03.47f2/10.78.106.70/0000.0000.0000/10.78.106.254/11:31:36 PARIS Fri Jun 17 2016])

This log is "normal" because in the dhcp snooping database, the client was still on FA0/6 with his old Ipaddr.

It seems that this log occurs until the lease dhcp is refreshed or if someone clears directly on the interface.

My question is : What can I do to allow a thin client for getting a new @ip  even if we move from vlan to another directly ?

Thanks,

Yoann WOLF

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents