keithsauer507
Contributor

ip arp inspection, windows 10 and printers issue

We have ip arp inspection turned on and dhcp snooping on all 3750 switch stacks in our org. We noticed a bug in Windows 10: when you browse for a printer, it instantly trips arp inspection and the port goes errdisabled for some time before re-enabling the port.

 

Does anyone know why this is only a Windows 10 issue?  We haven't seen this with Windows 7.  In fact I'm not sure we've seen this with the initial Windows 10 build, however we are all on builds 1703 through 1803 in our org.  

 

Since it doesn't happen on Windows 7 or other operating systems, shouldn't this be considered a Microsoft issue?

1 ACCEPTED SOLUTION


Hi,

I have seen this issue from Windows XP to Windows 10. It seems to get worse as you move from XP to 10. The only conclusion I have is Windows gets more talkative with each upgrade. You will also see this issue with mobile users who dock/undock mobile devices without shutting down. So, yes, this is normal on a network with Windows clients. I would configure "ip arp inspection limit rate 50" on all client ports on the switches. It will not impact non-Windows clients.

 

Thanks

John

**Please rate posts you find helpful**


6 REPLIES
johnd2310
Collaborator

Hi,

What is tripping the port? You can check the switch logs for the reason the port trips. If the cause is rate limit, then you will need to increase "ip arp inspection limit rate" to a suitable value for your environment. I use a value of 100.

 

Thanks

John

**Please rate posts you find helpful**
PaulSmith
Beginner

A log message will specify a source and destination MAC and IP address. Use this information to create a manual binding. This should also bring you a step closer to understanding the root cause. I wouldn't worry too much about the Windows side of things. I believe this is more a network issue that needs to be troubleshot as such.

Windows 10 add printers causes a bunch of ARPs to go to these 169.x.x.x IP addresses. These aren't even IPs used in our network.

 

The switchport command "ip arp inspection limit rate 50" resolves the issue.

 

This only affects Windows 10 machines. If it's Windows 7 or another device then this limit rate 50 is not needed.

 

We do map static IPs like our printers using "ip source binding mac address vlan # ip address interface Gix/x/x"

 

I suspected a Windows 10 issue because only Windows 10 blasts the network with 169.x.x.x ARPs when adding a new printer.

 

Now we have to keep track of which ports Windows 10 devices are on. So it's fixable, but is it normal?

Yes, I also work in an environment where we see plenty of DAI logs with '169' in them. As you probably know the 169.254 address is a self assigned link local address that a host uses when it can't get an address from DHCP. I would simply do what is required to get that host to do another DHCP discover with rebooting probably the best option. Once it does a proper DHCP discover, it should get added to the DHCP Snooping database and be ok from that point on.

The machines have valid IPv4 addresses. It's strange that with working IPv4 addresses from DHCP they ARP for the 169 addresses. I thought maybe it has to do with IPv6 (we don't do any of that here in DHCP or anything), but then again that wouldn't come over in that format.

 

 

Good to know the limit of 50 won't hurt non-Windows 10 devices as well. Just have to find that happy medium where things work but it's still secure.
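
Following the advice in the thread to check the switch logs for the reason a port trips, here is an added example (not posted by anyone in this thread) that sorts DAI syslog lines per port into rate-limit trips, denials with a 169.254.x.x sender, and denials for hosts with no binding. The log lines are constructed samples in the format of the IOS %SW_DAI and %PM messages; the function name triage and the cause labels are this example's own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LINK_LOCAL = ip_network("169.254.0.0/16")  # self-assigned range discussed in the thread

RATE = re.compile(r"%SW_DAI-4-PACKET_RATE_EXCEEDED: (\d+) packets received in (\d+) milliseconds on (\S+?)\.?$")
# Bracketed fields are sender MAC / sender IP / target MAC / target IP / time.
DENY = re.compile(r"%SW_DAI-4-DHCP_SNOOPING_DENY: (\d+) Invalid ARPs \((?:Req|Res)\) on (\S+), vlan \d+\.\(\[[0-9a-f.]+/([\d.]+)/")
ERRDIS = re.compile(r"%PM-4-ERR_DISABLE: arp-inspection error detected on (\S+),")

# Constructed sample lines (ports, MACs and IPs are made up, not from the thread).
SAMPLE_LOG = """\
*Mar  1 10:02:11: %SW_DAI-4-PACKET_RATE_EXCEEDED: 16 packets received in 184 milliseconds on Gi1/0/5.
*Mar  1 10:02:11: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state
*Mar  1 10:05:40: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/12, vlan 10.([0011.2233.4455/169.254.17.9/0000.0000.0000/169.254.17.1/10:05:39 UTC Mon Mar 1 1993])
*Mar  1 10:07:02: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/20, vlan 10.([00aa.bbcc.ddee/10.1.10.50/0000.0000.0000/10.1.10.1/10:07:01 UTC Mon Mar 1 1993])
"""

def triage(log_text):
    """Return {port: summary}, separating rate-limit trips from binding denials."""
    ports = defaultdict(lambda: {"rate_exceeded": 0, "err_disabled": 0,
                                 "denied": 0, "denied_link_local": 0})
    for line in log_text.splitlines():
        if m := RATE.search(line):
            ports[m.group(3)]["rate_exceeded"] += 1
        elif m := ERRDIS.search(line):
            ports[m.group(1)]["err_disabled"] += 1
        elif m := DENY.search(line):
            count, port, sender = int(m.group(1)), m.group(2), ip_address(m.group(3))
            ports[port]["denied"] += count
            if sender in LINK_LOCAL:
                ports[port]["denied_link_local"] += count
    for info in ports.values():
        if info["rate_exceeded"]:
            info["cause"] = "rate-limit"         # candidate for a higher "limit rate"
        elif info["denied_link_local"]:
            info["cause"] = "link-local-sender"  # host is using a 169.254.x.x address
        else:
            info["cause"] = "no-binding"         # e.g. static host without a source binding
    return dict(ports)

if __name__ == "__main__":
    for port, info in sorted(triage(SAMPLE_LOG).items()):
        print(port, info)
```

Ports reported as rate-limit are the ones where raising "ip arp inspection limit rate" is relevant; the other two causes point at the binding table instead.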
