ARP inspection problem

tedauction
Level 1

Hello, we have been running DHCP snooping and ARP inspection successfully.

Yesterday I replaced the router attached to our switch and suddenly the switch became flooded with DAI error logs e.g.

Dec 14 14:50:01: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/37, vlan 10.([54bf.6401.faf7/10.21.7.115/0000.0000.0000/10.21.7.1/

 

I had to disable ARP inspection and DHCP snooping to allow traffic to pass normally.

Note that the MAC address of the router (10.21.7.1) is showing as 0000.0000.0000.

I am wondering why simply changing the uplink router caused this issue.

Thank you for any help.

Accepted Solution

Hello


@tedauction wrote:
Dec 14 14:50:01: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/37, vlan 10.([54bf.6401.faf7/10.21.7.115/0000.0000.0000/10.21.7.1

I would say you are correct: any change to DAI in relation to hardware would indeed cause some issue. Due to the router's physical address being changed, each host will have a cache for its DG; however, this has changed, so each host will need to flood an ARP broadcast for its DG's new MAC address, hence the above log.

Possibly two ways you may have negated this:
1) Change the new router's interface physical address(es) to the MAC address(es) of the old router.
2) Disable DAI for a time until all hosts have updated the DHCP snooping DB running with the new router.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

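As an added illustration of the binding check Paul's answer relies on (example code written for this page, not the switch's implementation and not anything posted in the thread), the Python below models DAI's per-packet decision against a DHCP snooping binding table and parses the %SW_DAI-4-DHCP_SNOOPING_DENY line quoted above. The binding entries, the spare MAC addresses, the extra log lines and the trusted uplink port Gi1/0/48 are all constructed assumptions.

```python
"""Added example, not code from the thread or from Cisco: a model of how Dynamic
ARP Inspection (DAI) validates ARP against the DHCP snooping binding table, plus
a parser/aggregator for the %SW_DAI-4-DHCP_SNOOPING_DENY log format. Bindings,
extra MAC addresses, extra log lines and the uplink port are constructed."""
import re
from dataclasses import dataclass

# Constructed DHCP snooping bindings: (mac, ip) -> (vlan, port). A switch learns
# these from DHCP ACKs, so a statically addressed gateway never gets an entry.
BINDINGS = {
    ("54bf.6401.faf7", "10.21.7.115"): (10, "Gi1/0/37"),
    ("0011.2233.4455", "10.21.7.120"): (10, "Gi1/0/12"),
}
# Assumption: the port facing the router carries 'ip arp inspection trust'.
TRUSTED_PORTS = {"Gi1/0/48"}


@dataclass(frozen=True)
class Arp:
    op: str         # "Req" or "Res", as the log prints it
    port: str       # ingress interface
    vlan: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def dai_check(pkt, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return (verdict, reason). ARP from a trusted port is forwarded unchecked;
    on an untrusted port the sender MAC/IP pair must match a binding learned on
    the same VLAN and port. The target side is not validated, so the
    0000.0000.0000 target MAC of a request is normal and not the reason."""
    if pkt.port in trusted:
        return "permit", "trusted port"
    entry = bindings.get((pkt.sender_mac, pkt.sender_ip))
    if entry is None:
        return "deny", "no binding for sender MAC/IP"
    if entry != (pkt.vlan, pkt.port):
        return "deny", "binding exists on a different VLAN/port"
    return "permit", "binding matches"


# Constructed packets; HOST_REQ reproduces the request shown in the log.
HOST_REQ = Arp("Req", "Gi1/0/37", 10, "54bf.6401.faf7", "10.21.7.115",
               "0000.0000.0000", "10.21.7.1")
ROUTER_REPLY_TRUSTED = Arp("Res", "Gi1/0/48", 10, "aaaa.bbbb.cccc", "10.21.7.1",
                           "54bf.6401.faf7", "10.21.7.115")
ROUTER_REPLY_UNTRUSTED = Arp("Res", "Gi1/0/47", 10, "aaaa.bbbb.cccc", "10.21.7.1",
                             "54bf.6401.faf7", "10.21.7.115")
# A bound host answering for the gateway address: the spoof DAI exists to block.
SPOOF_REPLY = Arp("Res", "Gi1/0/12", 10, "0011.2233.4455", "10.21.7.1",
                  "54bf.6401.faf7", "10.21.7.115")

LOG_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: (?P<count>\d+) Invalid ARPs \((?P<op>\w+)\) on "
    r"(?P<port>\S+), vlan (?P<vlan>\d+)\.\(\[(?P<smac>[0-9a-f.]+)/(?P<sip>[\d.]+)/"
    r"(?P<tmac>[0-9a-f.]+)/(?P<tip>[\d.]+)"
)


def parse_dai_deny(line):
    """Extract the fields of one deny log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    rec["vlan"] = int(rec["vlan"])
    return rec


def deny_summary(lines):
    """Total denied ARPs per (port, sender MAC, sender IP), so the affected
    ports and hosts stand out when the switch is flooding these messages."""
    totals = {}
    for line in lines:
        rec = parse_dai_deny(line)
        if rec:
            key = (rec["port"], rec["smac"], rec["sip"])
            totals[key] = totals.get(key, 0) + rec["count"]
    return totals


# First line is the one quoted in the thread; the other two are constructed.
SAMPLE_LOGS = [
    "Dec 14 14:50:01: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/37, "
    "vlan 10.([54bf.6401.faf7/10.21.7.115/0000.0000.0000/10.21.7.1/",
    "Dec 14 14:50:03: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/37, "
    "vlan 10.([54bf.6401.faf7/10.21.7.115/0000.0000.0000/10.21.7.1/",
    "Dec 14 14:50:04: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/0/12, "
    "vlan 10.([0011.2233.4455/10.21.7.1/54bf.6401.faf7/10.21.7.115/",
]

if __name__ == "__main__":
    print("host request, binding present :", dai_check(HOST_REQ))
    print("host request, binding missing :", dai_check(HOST_REQ, bindings={}))
    print("router reply on trusted port  :", dai_check(ROUTER_REPLY_TRUSTED))
    print("router reply on untrusted port:", dai_check(ROUTER_REPLY_UNTRUSTED))
    print("bound host replying as gateway:", dai_check(SPOOF_REPLY))
    for (port, mac, ip), n in deny_summary(SAMPLE_LOGS).items():
        print(f"{n} denied ARPs from {mac}/{ip} on {port}")
```

Running it shows three things worth checking on a switch in this state: the quoted request from Gi1/0/37 passes only while its sender MAC/IP has a binding on that VLAN and port, the router's own ARP replies pass only through a port marked `ip arp inspection trust` (the gateway is statically addressed, so it never acquires a snooping binding), and a bound host answering for 10.21.7.1 is denied, which is the gateway spoof DAI is there to stop. The deny summary is the quickest way to tell whether one port, a few hosts or the whole VLAN is affected before deciding to relax inspection.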

3 Replies

Supermantech
Level 1

Is it possible something else was introduced when you replaced the router? Like a spanning-tree port that was BLOCKED is now not blocked, causing other network packets to drop on that switch/VLAN that were not there before?

I am thinking it could be because the new router I installed has a different MAC address. So when a client ARP'ed for the default gateway's address, it replied with a different MAC address which did not match the DHCP snooping database? Do you guys think this might be the cause?

Thanks for any ideas.

 
