I've turned on the dynamic arp inspection on the network for a couple weeks, and I've been getting a lots of err-disable ports. I found out that users trying to find/browse for printers trigger the err-disable because of the flood of arps on the network.
I tested and it really happened every time I browsed for a network printer:
Start->Settings->Printers and Faxes
Selected -> A network printer, or a printer attached to another computer)
Selected -> Printer (or to browser for a printer, select his option and click Next)
I colleted some packets and I saw that the computer asked the wins server about the printers and then the user computer went on every single computer sharing a printer on the subnet and verified if the printer was reachable.
To check every single printer it had to communicate with lots of workstations, on this case I had about 30 printers on the subnet and it flooded the network with arp requests and its port got disabled
Has anyone seen these behavior before ? I know its a Cisco forum but is there anything I can change on the Microsoft side to fix it ? I don't really want to increase the limit of the arps on the switc.
The solution was to investigate the WINS server configuration. I found out that the server were not synchronized and that caused the desktops broadcast the network to search for the printers. After that the computers stoped the broadcast and the arp flood.
I've seen the same issue here but it might happen on 1 desktop and then never happen again on that same desktop doing the exact same steps. I'll get our server people to have a quick look on their side while I wireshark yet again.
Thanks for the info