mahesh18
Frequent Contributor

Dynamic ARP inspection issue

Hi all,

I have a 3550 switch with DHCP snooping running on it, and I also enabled DHCP ARP inspection on it for all VLANs.

3550SMIA#sh ip arp inspection

Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

Vlan     Configuration    Operation   ACL Match          Static ACL
----     -------------    ---------   ---------          ----------
    1     Enabled          Active
   20     Enabled          Active
   30     Enabled          Active

Vlan     ACL Logging      DHCP Logging      Probe Logging
----     -----------      ------------      -------------
    1     Deny             Deny              Off
   20     Deny             Deny              Off
   30     Deny             Deny              Off

Vlan      Forwarded        Dropped     DHCP Drops      ACL Drops
----      ---------        -------     ----------      ---------
    1              0              0              0              0
   20            186              1              1              0
   30              0              0              0              0

Vlan   DHCP Permits    ACL Permits  Probe Permits   Source MAC Failures
----   ------------    -----------  -------------   -------------------
    1              0              0              0                     0
   20            101              0              0                     0
   30              0              0              0                     0

Vlan   Dest MAC Failures   IP Validation Failures   Invalid Protocol Data
----   -----------------   ----------------------   ---------------------
    1                   0                        0                       0
   20                   0                        0                       0
   30                   0                        0                       0

It has interface gi0/2, which is a trunk that goes to the B switch.

Switch A trunk config

IA#sh run int gi0/2
Building configuration...

Current configuration : 155 bytes
!
interface GigabitEthernet0/2
description Dynamic Desirable connection to 3550SMIB  Switch
switchport mode dynamic desirable
udld port aggressive
end

*******************************************************************************************

The 3550B switch has no DHCP ARP inspection enabled.

On the B switch I have connected my PC and it is working fine.

Logs are clean on the B switch.

Switch B trunk config

B#sh run int gi0/2
Building configuration...

Current configuration : 95 bytes
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
ip dhcp snooping trust
end

*******************************************************************************************

My issue is that on the A switch I see these log error messages:

Feb  8 09:14:12.579 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24
Feb  8 09:19:12.647 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on vty1 (192.168.5.1)
Feb  8 09:20:21.436 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPDISCOVER, MAC sa: 0024.7ee1.fb24
Feb  8 09:22:48.304 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPREQUEST, MAC sa: 0024.7ee1.fb24
Feb  8 09:25:21.704 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/2, vlan 20.([0009.e8a2.0080/192.168.20.2/0000.0c07.ac00/192.168.20.3/09:25:21 MST Tue Feb 8 2011])
Feb  8 09:26:03.885 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24
Feb  8 09:26:21.706 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/2, vlan 20.([0009.e8a2.0080/192.168.20.2/0000.0c07.ac00/192.168.20.3/09:26:21 MST Tue Feb 8 2011])
Feb  8 09:29:44.791 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on vty3 (192.168.5.1)
Feb  8 09:31:10.149 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24

dixho
Frequent Contributor

Did you try "no ip dhcp snooping information option" on all the switches between switch A and the DHCP server?
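
When triaging logs like the ones in the question, it helps to tally which port, VLAN and sender the DAI denies come from and which source MAC and DHCP message types the snooping drops hit. The Python below is an added example, not part of the thread: the function name `triage` is hypothetical, the sample lines are copied from the question's log, and the bracketed DAI fields are read as sender MAC/sender IP/target MAC/target IP/time.

```python
import re
from collections import Counter

# Sample input: four lines copied from the log posted in the question.
SAMPLE = """\
Feb  8 09:14:12.579 MST: %DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: DHCP_SNOOPING drop message with non-zero giaddr or option82 value on untrusted port, message type: DHCPINFORM, MAC sa: 0024.7ee1.fb24
Feb  8 09:19:12.647 MST: %SYS-5-CONFIG_I: Configured from console by mintoo on vty1 (192.168.5.1)
Feb  8 09:25:21.704 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/2, vlan 20.([0009.e8a2.0080/192.168.20.2/0000.0c07.ac00/192.168.20.3/09:25:21 MST Tue Feb 8 2011])
Feb  8 09:26:21.706 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/2, vlan 20.([0009.e8a2.0080/192.168.20.2/0000.0c07.ac00/192.168.20.3/09:26:21 MST Tue Feb 8 2011])
"""

# DAI deny: count, Req/Res, ingress port, VLAN, then sender MAC/IP and target MAC/IP.
DAI_DENY = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: (\d+) Invalid ARPs \((\w+)\) on (\S+), "
    r"vlan (\d+)\.\(\[([0-9a-f.]+)/([\d.]+)/([0-9a-f.]+)/([\d.]+)/"
)
# DHCP snooping drop on an untrusted port: DHCP message type and source MAC.
GIADDR_DROP = re.compile(
    r"%DHCP_SNOOPING-5-DHCP_SNOOPING_NONZERO_GIADDR: .*"
    r"message type: (\w+), MAC sa: ([0-9a-f.]+)"
)

def triage(log_text):
    """Return (dai, snoop) counters.

    dai   is keyed by (port, vlan, sender MAC, sender IP) and sums denied ARPs.
    snoop is keyed by (source MAC, DHCP message type) and counts drop messages.
    Lines matching neither pattern (e.g. %SYS-5-CONFIG_I) are ignored.
    """
    dai, snoop = Counter(), Counter()
    for line in log_text.splitlines():
        m = DAI_DENY.search(line)
        if m:
            count, _kind, port, vlan, smac, sip, _tmac, _tip = m.groups()
            dai[(port, int(vlan), smac, sip)] += int(count)
            continue
        m = GIADDR_DROP.search(line)
        if m:
            msg_type, src_mac = m.groups()
            snoop[(src_mac, msg_type)] += 1
    return dai, snoop

if __name__ == "__main__":
    dai, snoop = triage(SAMPLE)
    for (port, vlan, mac, ip), n in dai.most_common():
        print(f"DAI deny   {port} vlan {vlan} sender {mac} ({ip}): {n}")
    for (mac, msg_type), n in snoop.most_common():
        print(f"DHCP drop  {mac} {msg_type}: {n}")
```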