I have a 3750G acting as a core Layer 3 switch with two 4506 switches down stream directly from it, Switch 01 on Port channel 1, and Switch 02 on Port channel 2.

ARP inspection is turned on for all VLANs and we have DHCP Snooping enabled as well

I have found that users on the same VLAN across each switch cannot communicate with each other due to ARP (requests AND replies) not making it from Switch 01 over to Switch 02. However, ARP requests from Switch 02 do make it over to Switch 01 host (Validated with Packet captures).

So say Host 1.1.1.1 on VLAN 101 on Switch01 tries talking to host 1.1.1.2 on VLAN 101 on Switch02, the ARP request doesn't even make it to the host on Switch 02.
But if Host 1.1.1.2 sends an ARP, the host 1.1.1.1 on Switch01 receives the ARP and replies. The Reply however is eaten at the 3750 and never seen on Switch02.

Both hosts are able to get out from their subnets just fine or to other clients on the same subnet IF they share the same switch.

If on each host I statically define an ARP entry to each other, they can communicate just fine.

So the issue is strictly just ARP making it across.

When I disabled ARP inspection from the VLAN , everything works just fine and ARP makes it across.

I'm still not 100% grasping ARP Inspection - I get the idea, but the part that confuses me is the validation. I keep reading it requires the DHCP Binding to be there or to use ACL if static. But our environment is using a DHCP server that's not on the switch itself, so there's no DHCP binding.

I'm banging my head on this problem (which is a configuration I inherited) and so far the only solution that has worked is disabling ARP inspection. Even applying a Filter with ACL didn't fix the issue.

Thoughts or suggestions are welcomed.