Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3106
Views
5
Helpful
6
Replies

ip arp inspection, windows 10 and printers issue

Go to solution
keithsauer507
Level 5
Level 5

‎08-06-2018 10:44 AM - edited ‎03-08-2019 03:50 PM

We have ip arp inspection turned on and dhcp snooping on all 3750 switch stacks in our org.  We noticed a bug in Windows 10 when you browse for a printer, it instantly trips arp inspection and the port goes errdisabled for some time before re-enabling the port.

 

Does anyone know why this is only a Windows 10 issue?  We haven't seen this with Windows 7.  In fact I'm not sure we've seen this with the initial Windows 10 build, however we are all on builds 1703 through 1803 in our org.  

 

Since it doesn't happen on Windows 7 or other operating systems, shouldn't this be considered a Microsoft issue?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnd2310
Level 8
Level 8
In response to keithsauer507

‎08-07-2018 04:34 PM

Hi,

I have seen this issue from Windows xp to Windows 10. It seems to get worse as you move from xp to 10. The only conclusion i have is Windows gets more talkative with each upgrade. You will also see this issue with mobile user who dock\undock mobile devices without shutting down. So, yes, this is normal on a network with windows clients. I would configure "ip arp inspection limit rate 50" on all client ports on the switches. It will not impact non-windows clients.

 

Thanks

John

**Please rate posts you find helpful**

View solution in original post

0 Helpful
6 Replies 6

Go to solution
johnd2310
Level 8
Level 8

‎08-06-2018 04:48 PM

Hi,

What is tripping the port? You can check the switch logs for the reason the port trips. If the cause is rate limit, then you will need to increase  "ip arp inspection limit rate" to suitable value for your environment.I use a value of 100

 

Thanks

John

**Please rate posts you find helpful**

Go to solution
PaulSmith
Level 1
Level 1

‎08-06-2018 05:11 PM

A log message will specify a source and destination MAC and IP address. Use this information to create a manual binding. This should also bring you a step closer to understanding the root cause. I wouldn't worry too much about the Windows side of things. I believe this is more a network issue that needs to be trouble shooted as such.

0 Helpful

Go to solution
keithsauer507
Level 5
Level 5
In response to PaulSmith

‎08-07-2018 01:10 PM

Windows 10 add printers causes a bunch of arp's to go to these 169.x.x.x ip addresses.  These aren't even IP's used in our network.  

 

The switchport command  ip arp inspection limit rate 50 resolves the issue.

 

This only affects Windows 10 machines.  If its Windows 7 or another device then this limit rate 50 is not needed.

 

We do map static IP's like our printers using ip source binding mac address vlan # ip address interface Gix/x/x

 

I suspected a Windows 10 issue because only windows 10 blasts the network with 169.x.x.x arps when adding a new printer.

 

Now we have to keep track of which ports Windows 10 devices are on.  So its fixable but is it normal?

0 Helpful

Go to solution
PaulSmith
Level 1
Level 1
In response to keithsauer507

‎08-07-2018 03:08 PM

Yes, I also work in an environment where we see plenty of DAI logs with '169' in them. As you probably know the 169.254 address is a self assigned link local address that a host uses when it can't get an address from DHCP. I would simply do what is required to get that host to do another DHCP discover with rebooting probably the best option. Once it does a proper DHCP discover, it should get added to the DHCP Snooping database and be ok from that point on.

0 Helpful

Go to solution
keithsauer507
Level 5
Level 5
In response to PaulSmith

‎08-17-2018 11:24 AM

The machines have valid ipv4 addresses.  Its strange that with working ipv4 addresses from DHCP they arp for the 169 addresses.  I thought maybe it has to do with IPv6 (we don't do any of that here in DHCP or anything), but then again that wouldn't come over in that format.

 

 

Good to know the limit of 50 won't hurt non windows 10 devices as well. Just have to find that happy medium where things work but its still secure.

0 Helpful

Go to solution
johnd2310
Level 8
Level 8
In response to keithsauer507

‎08-07-2018 04:34 PM

Hi,

I have seen this issue from Windows xp to Windows 10. It seems to get worse as you move from xp to 10. The only conclusion i have is Windows gets more talkative with each upgrade. You will also see this issue with mobile user who dock\undock mobile devices without shutting down. So, yes, this is normal on a network with windows clients. I would configure "ip arp inspection limit rate 50" on all client ports on the switches. It will not impact non-windows clients.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card