ip arp inspection

clark white
Level 2

Dears,

I have a staging setup with a Nexus as the core and 38XX as access switches. I have configured multiple VLANs on these access switches. I have configured DHCP snooping and ARP inspection, and everything works fine for me except when I move my PC to test from multiple VLANs to different switches. For example, if I am testing a laptop on 3850-A on VLAN 2, it gets the IP address and there are no error logs on the console, but when I move the laptop to VLAN 3 on 3850-B I get the SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on gigabit int 1/0/34, but the laptop receives an IP and it is able to ping the default gateway and other PCs in the same VLAN.

Is it normal or some abnormal behavior? I think it should not show the invalid ARP logs.

Topology:

               (trust interface)

access-switch--------->core-----Firewall (Default gateway for Vlans)

Do I have to enter the ip arp inspection trust and ip dhcp snooping trust on the interface which is the trunk on the core to the firewall? One of the 3850 switches is acting as a DHCP server.

Thanks

Accepted Solutions

johnd2310
Level 8

Hi,

When you move the PC to VLAN 3, it tries to use/renew the IP address it used on VLAN 2; the switch will deny this and generate the error you are seeing. The PC then goes through the discover process and gets an IP address for VLAN 3. I think this is normal behavior for a client moving between VLANs. I think your configuration is correct. DHCP snooping and ARP inspection trust should be on the link between the access and the core switch acting as the DHCP server. You do not need these commands on the link to the firewall.

Thanks

John

**Please rate posts you find helpful**
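
To tell the benign case described in this answer apart from denies that deserve a closer look, the following added example (not code from the thread or from Cisco) parses SW_DAI-4-DHCP_SNOOPING_DENY messages and checks whether the ARP sender IP belongs to a different VLAN's subnet than the one it was seen on. The bracketed field layout of the message, the VLAN-to-subnet map and the sample log lines are assumptions constructed for the example.

```python
import ipaddress
import re

# Assumed message layout: "... on <intf>, vlan <id>.([smac/sip/tmac/tip/time])"
DAI_DENY = re.compile(
    r"SW_DAI-4-DHCP_SNOOPING_DENY: \d+ Invalid ARPs \((?:Req|Res)\) on "
    r"(?P<intf>\S+), vlan (?P<vlan>\d+)\.\(\[(?P<smac>[0-9a-fA-F.]+)/(?P<sip>[\d.]+)/"
)
# Constructed addressing plan (assumption): VLAN id -> client subnet
VLAN_SUBNETS = {
    2: ipaddress.ip_network("10.0.2.0/24"),
    3: ipaddress.ip_network("10.0.3.0/24"),
}
# Constructed sample syslog lines, not taken from the thread
SAMPLE_LOGS = [
    "%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/34, vlan 3."
    "([0011.2233.4455/10.0.2.15/0000.0000.0000/10.0.2.1/09:14:02 UTC Mon Jan 1 2024])",
    "%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/12, vlan 3."
    "([00aa.bbcc.ddee/10.0.3.77/0000.0000.0000/10.0.3.1/09:20:41 UTC Mon Jan 1 2024])",
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/34, changed state to up",
]

def classify(line, vlan_subnets=VLAN_SUBNETS):
    """Return a dict describing one DAI deny, or None for unrelated lines."""
    m = DAI_DENY.search(line)
    if m is None:
        return None
    vlan = int(m["vlan"])
    sip = ipaddress.ip_address(m["sip"])
    # Which VLAN's subnet does the ARP sender address actually belong to?
    home = next((v for v, net in vlan_subnets.items() if sip in net), None)
    if home is None:
        verdict = "sender-ip-outside-known-subnets"
    elif home != vlan:
        # Matches the answer above: client still using its old VLAN's address
        verdict = f"stale-address-from-vlan-{home}"
    else:
        # Address fits this VLAN but has no snooping binding: static IP or spoofing
        verdict = "no-binding-in-own-vlan"
    return {"intf": m["intf"], "vlan": vlan, "smac": m["smac"],
            "sip": str(sip), "verdict": verdict}

def triage(lines):
    return [r for r in map(classify, lines) if r is not None]

if __name__ == "__main__":
    for result in triage(SAMPLE_LOGS):
        print(result)
```

A `stale-address-from-vlan-N` verdict that appears once right after a port move fits the explanation above; repeated `no-binding-in-own-vlan` denies from the same port are the ones to investigate.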

Dear John,

Thanks for the confirmation. I have rated +5.