Hi all,
I have 3550 switc and dhcp snooping is running on it and also i enabled dhcp arp inspection on it for all vlans.
3550SMIA#sh ip arp inspection
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
1 Enabled Active
20 Enabled Active
30 Enabled Active
Vlan ACL Logging DHCP Logging Probe Logging
---- ----------- ------------ -------------
1 Deny Deny Off
20 Deny Deny Off
30 Deny Deny Off
Vlan Forwarded Dropped DHCP Drops ACL Drops
---- --------- ------- ---------- ---------
1 0 0 0 0
20 186 1 1 0
30 0 0 0 0
Vlan DHCP Permits ACL Permits Probe Permits Source MAC Failures
---- ------------ ----------- ------------- -------------------
1 0 0 0 0
20 101 0 0 0
30 0 0 0 0
Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data
---- ----------------- ---------------------- ---------------------
1 0 0 0
20 0 0 0
30 0 0 0
It has interface gi0/2 which is trunk and that goes to B switch.
Switch A trunk config
IA#sh run int gi0/2
Building configuration...
Current configuration : 155 bytes
!
interface GigabitEthernet0/2
description Dynamic Desirable connection to 3550SMIB Switch
switchport mode dynamic desirable
udld port aggressive
end
*******************************************************************************************
3550B switch has no dhcp arp inspection enabled.
on b switch i have connected my pc and it is working fine.
logs are clean on b switch.
Switch B trunk config
B#sh run int gi0/2
Building configuration...
Current configuration : 95 bytes
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
ip dhcp snooping trust
end
******************************************************************************8
My issue is on A switch i see these log error messages
Feb 8 09:14:12.579 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24
Feb 8 09:19:12.647 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on vty1 (192.168.5.1)
Feb 8 09:20:21.436 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 0024.7ee1.fb24
Feb 8 09:22:48.304 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPREQUEST, MAC sa: 0024.7ee1.fb24
Feb 8 09:25:21.704 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/2, vlan 20.([0009.e8a2.0080/192.168.20.2/0000.0c07.ac00/192.168.20.3/09:25:21 MST Tue Feb 8 2011])
Feb 8 09:26:03.885 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24
Feb 8 09:26:21.706 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/2, vlan 20.([0009.e8a2.0080/192.168.20.2/0000.0c07.ac00/192.168.20.3/09:26:21 MST Tue Feb 8 2011])
Feb 8 09:29:44.791 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on vty3 (192.168.5.1)
Feb 8 09:31:10.149 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24
