12-16-2019 12:48 PM
Hello, we have been running DHCP snooping and ARP inspection successfully.
Yesterday I replaced the router attached to our switch, and suddenly the switch became flooded with DAI error logs, e.g.:
Dec 14 14:50:01: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/37, vlan 10.([54bf.6401.faf7/10.21.7.115/0000.0000.0000/10.21.7.1/
I had to disable ARP inspection and DHCP snooping to allow traffic to pass normally.
Note that the MAC address of the router (10.21.7.1) is showing as 0000.0000.0000.
I am wondering why simply changing the uplink router caused this issue.
Thank you for any help.
01-10-2020 01:48 AM - edited 01-10-2020 01:54 AM
Hello
@tedauction wrote:
Dec 14 14:50:01: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/37, vlan 10.([54bf.6401.faf7/10.21.7.115/0000.0000.0000/10.21.7.1
I would say you are correct. Any change to a DAI in relation to hardware would indeed cause some issue. Due to the router's physical address being changed, each host will have a cache for its DG; however, this has changed, so each host will need to flood an ARP broadcast for its DG's new MAC address, hence the above log.
Possibly two ways you may have negated:
1) Change the new router's interface physical address(es) to the MAC address(es) of the old router.
2) Disable DAI for a time until all hosts have updated the DHCP snoop DB running with the new router.
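The DAI deny messages quoted in this thread can be grouped by port and sender with a short parser. This is an added example, not part of any post in the thread: the sample log lines and addresses are constructed, and the field order inside the brackets (sender MAC / sender IP / target MAC / target IP) is an assumption about the message layout.

```python
import re
from collections import Counter

# Assumed field order inside the brackets:
# sender MAC / sender IP / target MAC / target IP / (timestamp, not parsed)
DAI_DENY = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: (?P<count>\d+) Invalid ARPs \((?P<op>Req|Res)\) "
    r"on (?P<port>\S+), vlan (?P<vlan>\d+)\.\(\[(?P<smac>[0-9a-f.]+)/(?P<sip>[\d.]+)/"
    r"(?P<tmac>[0-9a-f.]+)/(?P<tip>[\d.]+)"
)

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
Dec 14 14:50:01: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/37, vlan 10.([0000.5e00.5311/192.0.2.115/0000.0000.0000/192.0.2.1/14:50:01 UTC Sat Dec 14 2019])
Dec 14 14:50:03: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/37, vlan 10.([0000.5e00.5311/192.0.2.115/0000.0000.0000/192.0.2.1/14:50:03 UTC Sat Dec 14 2019])
Dec 14 14:50:04: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi1/0/48, vlan 10.([0000.5e00.5301/192.0.2.1/0000.5e00.5311/192.0.2.115/14:50:04 UTC Sat Dec 14 2019])
Dec 14 14:50:05: %LINK-3-UPDOWN: Interface Gi1/0/12, changed state to up
"""


def parse_denies(text):
    """Return one dict per DAI deny message; other syslog lines are skipped."""
    return [m.groupdict() for m in map(DAI_DENY.search, text.splitlines()) if m]


def summarize(events, gateway_ip):
    """Count denied ARPs per (port, sender MAC, sender IP) and list the ports
    on which the gateway IP itself was the denied sender."""
    by_sender = Counter()
    for e in events:
        by_sender[(e["port"], e["smac"], e["sip"])] += int(e["count"])
    gateway_ports = sorted({e["port"] for e in events if e["sip"] == gateway_ip})
    return by_sender, gateway_ports


if __name__ == "__main__":
    events = parse_denies(SAMPLE_LOG)
    by_sender, gateway_ports = summarize(events, gateway_ip="192.0.2.1")
    for (port, smac, sip), n in by_sender.most_common():
        print(f"{n:3d} denied  {port:10s} sender {smac} / {sip}")
    print("ports where the gateway was the denied sender:", gateway_ports)
```

Each sender pair listed is one that DAI could not match against a DHCP snooping binding on an untrusted port, so the output shows whether the denies come from hosts, from the gateway's port, or both.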
12-16-2019 03:16 PM
Is it possible something else was introduced when you replaced the router? Like a spanning tree port that was BLOCKED is now not blocked, causing other network packets to drop on that switch/VLAN that were not there before?
01-09-2020 07:04 PM - edited 01-09-2020 07:09 PM
I am thinking it could be because the new router I installed has a different MAC address. So when a client ARP'ed for the default gateway's address, it replied with a different MAC address which did not match the DHCP Snooping database? Do you guys think this might be the cause?
Thanks for any ideas.