Dynamic ARP inspection issue

Andy White
Level 3

Hello,

I have enabled IP DHCP snooping on a 24 port 3560 switch (very small office) and let the database fill up. Now I have added dynamic ARP inspection on the single VLAN and I am getting these errors.

Apr 23 16:15:34: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/5, vlan 1.([5835.d9b0.b9d1/172.30.5.2/0000.0000.0000/172.30.5.3/16:15:33 BST Tue Apr 23 2013])

Apr 23 16:15:39: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:39 BST Tue Apr 23 2013])

Apr 23 16:15:40: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:40 BST Tue Apr 23 2013])

Apr 23 16:15:41: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:41 BST Tue Apr 23 2013])

Apr 23 16:15:52: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/ffff.ffff.ffff/172.30.5.5/16:15:51 BST Tue Apr 23 2013])

Apr 23 16:15:53: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/ffff.ffff.ffff/172.30.5.5/16:15:52 BST Tue Apr 23 2013])

Apr 23 16:15:53: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/5, vlan 1.([5835.d9b0.b9d1/172.30.5.2/0000.0000.0000/172.30.5.3/16:15:53 BST Tue Apr 23 2013])

Apr 23 16:15:54: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:54 BST Tue Apr 23 2013])

#sh ip dhcp binding

IP address       Client-ID/              Lease expiration        Type

                 Hardware address

172.30.5.21      0100.263e.0948.30       Apr 23 2013 08:34 PM    Automatic

172.30.5.22      0138.59f9.91e5.00       Apr 23 2013 04:47 PM    Automatic

172.30.5.23      015c.ac4c.64dd.0e       Apr 23 2013 08:49 PM    Automatic

172.30.5.24      01d4.bed9.0c1e.e5       Apr 23 2013 08:09 PM    Automatic

172.30.5.25      015c.260a.258c.9f       Apr 23 2013 05:02 PM    Automatic

172.30.5.26      01c0.cb38.58e9.93       Apr 23 2013 05:02 PM    Automatic

172.30.5.27      01d4.bed9.0c0b.e8       Apr 23 2013 05:40 PM    Automatic

172.30.5.28      01e4.d53d.8549.5f       Apr 23 2013 05:40 PM    Automatic

172.30.5.29      0100.24d6.5604.10       Apr 23 2013 06:24 PM    Automatic

172.30.5.30      0100.21b7.c4fe.e3       Apr 23 2013 08:29 PM    Automatic

172.30.5.40      0100.0d56.c480.78       Apr 24 2013 12:01 AM    Automatic

172.30.5.199     01e4.d53d.8531.23       Apr 23 2013 08:09 PM    Automatic

172.30.5.241     01c0.cb38.4289.84       Apr 23 2013 06:41 PM    Automatic

#show ip dhcp snooping binding

MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface

------------------  ---------------  ----------  -------------  ----  --------------------

D4:BE:D9:0C:1E:E5   172.30.5.24      13803       dhcp-snooping   1     FastEthernet0/22

5C:26:0A:25:8C:9F     172.30.5.25      2575        dhcp-snooping   1     FastEthernet0/22

E4:D5:3D:85:31:23     172.30.5.199     13820       dhcp-snooping   1     FastEthernet0/3

38:59:F9:91:E5:00      172.30.5.22      1694        dhcp-snooping   1     FastEthernet0/3

5C:AC:4C:64:DD:0E   172.30.5.23      16225       dhcp-snooping   1     FastEthernet0/3

00:26:3E:09:48:40      172.30.5.21      15299       dhcp-snooping   1     FastEthernet0/3

C0:CB:38:58:E9:93     172.30.5.26      2580        dhcp-snooping   1     FastEthernet0/3

D4:BE:D9:0C:0B:E7   172.30.5.27      4833        dhcp-snooping   1     FastEthernet0/22

00:24:D6:56:04:10      172.30.5.29      7472        dhcp-snooping   1     FastEthernet0/3

E4:D5:3D:85:49:5F     172.30.5.28      4856        dhcp-snooping   1     FastEthernet0/3

00:21:B7:C4:FE:E3     172.30.5.30      14979       dhcp-snooping   1     FastEthernet0/6

00:0D:56:C4:80:78      172.30.5.40      27691       dhcp-snooping   1     FastEthernet0/9

C0:CB:38:42:89:84      172.30.5.241     8523        dhcp-snooping   1     FastEthernet0/3

Total number of bindings: 13

Any ideas? Fa0/8 is a host and Fa0/5 is a router; they are not in the DHCP bindings database as they are static. Can I manually add them? Is this how you get round this?

Thanks

2 Replies

noticketnomas
Level 1

Did you configure fa0/5 as ip arp inspection trust?  Anything that is not in the DHCP snooping table will cause an invalid ARP error.  I suggest configuring both of those ports as trusted ports, especially if fa0/8 is a known device with a static IP.

Or can the static entries be added? I'm not sure what's best.
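
Added example, not part of the original thread: Python that cross-checks the sender MAC/IP of each %SW_DAI-4-DHCP_SNOOPING_DENY line against the DHCP snooping binding table, to separate hosts that have no binding at all from hosts whose binding disagrees with the ARP. The third log line is constructed, and the function names are hypothetical.

```python
import re

# Log lines 1-2 are from the thread; line 3 is constructed to show an IP mismatch.
LOGS = """\
Apr 23 16:15:34: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/5, vlan 1.([5835.d9b0.b9d1/172.30.5.2/0000.0000.0000/172.30.5.3/16:15:33 BST Tue Apr 23 2013])
Apr 23 16:15:39: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:39 BST Tue Apr 23 2013])
Apr 23 16:16:00: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/6, vlan 1.([0021.b7c4.fee3/172.30.5.31/0000.0000.0000/172.30.5.1/16:16:00 BST Tue Apr 23 2013])
"""
# Two rows taken from the thread's "show ip dhcp snooping binding" output.
BINDINGS = """\
D4:BE:D9:0C:1E:E5   172.30.5.24      13803       dhcp-snooping   1     FastEthernet0/22
00:21:B7:C4:FE:E3   172.30.5.30      14979       dhcp-snooping   1     FastEthernet0/6
"""
# Fields inside ([...]) are sender MAC / sender IP / target MAC / target IP / time.
DENY = re.compile(r"DHCP_SNOOPING_DENY: \d+ Invalid ARPs \(\w+\) on (\S+), vlan (\d+)"
                  r"\.\(\[([0-9a-f.]+)/([\d.]+)/[0-9a-f.]+/[\d.]+/")
BIND = re.compile(r"^((?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s+([\d.]+)\s+\d+\s+"
                  r"dhcp-snooping\s+(\d+)\s+(\S+)", re.M)

def norm_mac(mac):
    """Reduce dotted or colon-separated MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def load_bindings(text):
    """Map MAC -> (ip, vlan, short port name) from the snooping binding table."""
    return {norm_mac(mac): (ip, int(vlan), port.replace("FastEthernet", "Fa"))
            for mac, ip, vlan, port in BIND.findall(text)}

def classify(logs, bindings):
    """Return sorted unique (port, sender MAC, sender IP, reason) per denied ARP."""
    found = set()
    for port, vlan, smac, sip in DENY.findall(logs):
        bound = bindings.get(norm_mac(smac))
        if bound is None:
            reason = "no binding"            # e.g. a statically addressed host
        elif bound[0] != sip:
            reason = f"MAC bound to {bound[0]}"
        elif bound[1:] != (int(vlan), port):
            reason = f"bound on {bound[2]} vlan {bound[1]}"
        else:
            reason = "binding matches now"   # binding present when table was read
        found.add((port, smac, sip, reason))
    return sorted(found)

if __name__ == "__main__":
    for row in classify(LOGS, load_bindings(BINDINGS)):
        print(*row, sep="  ")
```

The rows reported as "no binding" here are Fa0/5 and Fa0/8, the two statically addressed devices named in the question.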