Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7350
Views
5
Helpful
5
Replies

DHCP_SNOOPING_DENY

Go to solution
Ivan Marinovic
Level 1
Level 1

‎09-21-2011 11:34 PM - edited ‎03-07-2019 02:22 AM

Good morning,

I have one small problem...

When i change voice vlan on one location I start receiving this massage:

%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/11, vlan 8.([e8ba.7006.b8aa/10.15.8.2/0000.0000.0000/10.15.8.1/21:52:59 C

And phones are not working any more…

loong description:

In one of our location we don’t have distribution switch, (because it is small-only 20 users), so we connect cisco 2960 directly to 6509. So our core switch is also distribution switch for that location.

Currently we are using 2 vlan  10 for voice and  20 for data. Now i need to change voice vlan to vlan 8. When i change/create new vlan, add new interface, add trunk… and on 2960 change switchport voice vlan. Ip phones (cisco and linksys) are not booting, they don’t receive dhcp. And in log i find these massage:

%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/11, vlan 8.([e8ba.7006.b8aa/10.15.8.2/0000.0000.0000/10.15.8.1/21:52:59 C

So what command i need to enter that switch „trust“ that phones??

I try clear all mac, arp tables but that didn’t help.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Talha Ansari
Level 1
Level 1

‎09-21-2011 11:48 PM

Hi,

It would be helpful if you post the configuration of 2960 and 6500.

I think you have DHCP and Dynamic Arp Inspection enabled right on 6500.

Try this :

1) Clear DHCP bindings on the DHCP server.

2) Change the Voice VLAN.

3) Clear ARP on 6500.

HTH

Regards,

Talha

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Talha Ansari
Level 1
Level 1

‎09-21-2011 11:48 PM

Hi,

It would be helpful if you post the configuration of 2960 and 6500.

I think you have DHCP and Dynamic Arp Inspection enabled right on 6500.

Try this :

1) Clear DHCP bindings on the DHCP server.

2) Change the Voice VLAN.

3) Clear ARP on 6500.

HTH

Regards,

Talha

0 Helpful

Go to solution
Ivan Marinovic
Level 1
Level 1
In response to Talha Ansari

‎09-22-2011 12:13 AM

Thanks on your replay...

i will try this tonight when no users are log on....

config  2960

114156-2960.txt.zip
0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Ivan Marinovic

‎09-22-2011 01:25 AM

Hi,

You have DHCP snooping and DAI configured indeed:

ip dhcp snooping vlan 2-95

ip dhcp snooping

ip name-server

ip arp inspection vlan 2-95

So do like Talha said and also clear the ip dhcp snooping binding database:

clear ip dhcp snooping database

Regards.

Alain.

Don't forget to rate helpful posts.

Go to solution
Ivan Marinovic
Level 1
Level 1
In response to cadet alain

‎09-22-2011 01:29 PM

Hi,

I did as Talha sad:

1) Clear DHCP bindings on the DHCP server.

2) Change the Voice VLAN.

3) Clear ARP on 6500.

but it was not working so i did:

no ip dhcp snooping vlan 2-95

no ip dhcp snooping

no ip name-server

no ip arp inspection vlan 2-95

and then everything go ok... and then I enable privies command....

Thanx,

Ivan

0 Helpful

Go to solution
Talha Ansari
Level 1
Level 1
In response to Ivan Marinovic

‎09-22-2011 10:39 PM

Using the no commands was the shortest cut..

Nice to know it ended well.

0 Helpful
Customers Also Viewed These Support Documents