
ME3600 ip unnumbered poll issue

Alpingolt
Level 1

Hello. I am trying to set up ip unnumbered on ME-3600X-24FS-M.
The IOS version currently running is 15.3(3)S1; I also tried the suggested one (15.5(3)S2).

The problem occurs when I try to enable the ARP poll mechanism (ip unnumbered <interface> poll).
A Windows PC does not apply the settings it has got via DHCP. It receives the DHCP ACK and, to ensure
that there are no stations with the same IP around, it then sends a gratuitous
ARP with src IP 0.0.0.0, its own src MAC, and the dst address that was in the DHCP ACK.
The ME3600 then sends an ARP reply with the desired IP and its own MAC address as the source (this does not happen
if I switch off poll); the PC then sends a DHCP DECLINE, because it thinks that a duplicate IP has occurred.
This is what I see from debug arp:

.Mar 21 14:11:39.175: IP ARP: rcvd req src 0.0.0.0 3c07.7159.98d2, dst 10.246.0.5 Vlan3996
.Mar 21 14:11:39.175: IP ARP: rejecting entry for IP address: 0.0.0.0, hw: 3c07.7159.98d2
.Mar 21 14:11:39.175: IP ARP: sent rep src 10.246.0.5 5c50.1543.8640

Here is the testing lab's config:

ip dhcp pool testdhcppoll
network 10.246.0.0 255.255.255.0
default-router 10.246.0.1

vlan 3996

interface Loopback1
ip address 10.246.0.1 255.255.255.0

interface GigabitEthernet0/3
switchport access vlan 3996
spanning-tree portfast
spanning-tree bpdufilter enable
end

interface Vlan3996
ip unnumbered Loopback1 poll

I've tried disabling gratuitous ARP and proxy ARP and things like these,
but nothing helps. The only solution I've found so far is to switch on
ip arp inspection with an ARP ACL:

arp access-list denygratarp
deny request ip host 0.0.0.0 mac any
permit ip any mac any

Then it works, but when I switch on ARP inspection on a customer VLAN on any of the 3600s in my production network, I get some unpleasant tracebacks in the logs:

Mar 21 12:11:46: -Traceback= 7316A4z 28646B0z 2865DBCz 2F53E70z 25B3D00z 25F7808z 25F24C4z 25F3338z 2F3F06Cz 2894CC4z 2894CC4z 2F3F128z 1066C18z 1066C18z 10672F8z 247667Cz
Mar 21 12:11:46: ************** SVI SEND invoked with NULL HWIDB
Mar 21 12:11:46: -Traceback= 7316A4z 28646B0z 2865DBCz 2F53E70z 25B3D00z 25F7808z 25F24C4z 25F3338z 2F3F06Cz 2894CC4z 2894CC4z 2F3F128z 1066C38z 1066C18z 10672F8z 247667Cz
Mar 21 12:11:46: ************** SVI SEND invoked with NULL HWIDB

Also, I really don't want to use ARP inspection if it is not needed.
Are there any ways to solve this problem?
I also tested this mechanism on several other L3 switches, 3750-12G and C4900M, and it seems to work fine.
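
To check other captures for the behaviour described in the question, the following added example (not part of the original post and not Cisco code) scans `debug arp` output in the format shown above for a request with source 0.0.0.0 that the switch answers for the probed address. The last two sample lines, the function name and the one-second correlation window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the three debug lines from the post, followed by a
# made-up normal request/reply pair that must NOT be flagged.
SAMPLE = """\
.Mar 21 14:11:39.175: IP ARP: rcvd req src 0.0.0.0 3c07.7159.98d2, dst 10.246.0.5 Vlan3996
.Mar 21 14:11:39.175: IP ARP: rejecting entry for IP address: 0.0.0.0, hw: 3c07.7159.98d2
.Mar 21 14:11:39.175: IP ARP: sent rep src 10.246.0.5 5c50.1543.8640
.Mar 21 14:11:40.002: IP ARP: rcvd req src 10.246.0.7 0011.2233.4455, dst 10.246.0.1 Vlan3996
.Mar 21 14:11:40.003: IP ARP: sent rep src 10.246.0.1 5c50.1543.8640
"""

TS = r"^[.*]?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): IP ARP: "
REQ = re.compile(TS + r"rcvd req src (\S+) (\S+), dst (\S+) (\S+)")
REP = re.compile(TS + r"sent rep src (\S+) ([0-9a-fA-F.]+)")

def parse_ts(text):
    # The log carries no year; a fixed leap year keeps strptime unambiguous.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")

def find_answered_probes(log_text, window=timedelta(seconds=1)):
    """Return probes (src 0.0.0.0) that the local device answered itself."""
    pending = {}    # probed IP -> (time, client MAC, interface)
    findings = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if m:
            ts, src_ip, src_mac, dst_ip, ifname = m.groups()
            if src_ip == "0.0.0.0":          # duplicate-address check by a client
                pending[dst_ip] = (parse_ts(ts), src_mac, ifname)
            continue
        m = REP.match(line)
        if not m:
            continue
        ts, rep_ip, rep_mac = m.groups()
        probe = pending.pop(rep_ip, None)
        if probe and rep_mac != probe[1] and parse_ts(ts) - probe[0] <= window:
            findings.append({"probed_ip": rep_ip, "client_mac": probe[1],
                             "replier_mac": rep_mac, "interface": probe[2]})
    return findings

if __name__ == "__main__":
    for f in find_answered_probes(SAMPLE):
        print("probe for {probed_ip} from {client_mac} on {interface} "
              "answered by {replier_mac}".format(**f))
```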


pwwiddicombe
Level 4

Do you happen to have IP device tracking enabled on the switch? If you do, then consider disabling it if you don't really use it.

It does some funky things with ARP that can give the duplicate IP issue; although I don't recall it calling tracebacks.

Thank you for the advice, but it seems the 3600 does not use device tracking; at least I didn't find a way to turn it off or on. And if I understand it right, device tracking can cause almost the same problem, but at random. An ARP probe could be sent by coincidence while Windows is waiting for a reply to its gratuitous ARP, but it also might not be. In my case the 3600 always replies.
