Need help with ARP Inspection on SF-300 Switch

ryankey123 · ‎08-21-2012

I have an SF-300-24 port switch and am having an issue.

When a device says "Who has 192.168.0.1" (which is the default gateway) two devices are replying in the affirmative, and therefor the MAC address table is getting screwed up.

I know the correct MAC address of 192.168.0.1 is 00:1b:21:95:02:b0, so how do I tell the router to disgard any packets that say otherwise? I tried to figure out DHCP snooping and IP source guard, and ARP Inspection, but I am not getting anywhere and keep losing connectivity to the switch.

Seems that this should be simple, any help is much appreciated! Obviously a device on the network is misconfigured, unfortunately it is a large wireless network and the misconfigured device is 30 miles away on the top of a mountain. I am hoping to bandaid it locally and then eventually go out and fix the offending equipment.

Thanks,

Ryan

Tom Watts · ‎08-21-2012

Hi Ryan, when you set the arp inspection, you need to specify the mac address to be trusted or make the entire interface trusted. If you do not specify your computer mac as trusted, the switch will 'black list' your mac and you will no longer connect to any port.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

ryankey123 · ‎08-21-2012

ARP Inspection > Properties > ARP Inspection Status = Enabled

ARP Packet Validation = Enabled

ARP Inspection > Interface Settings > FE1 Interface Trusted = YES (this is the port the router is connected to)

All other interfaces Trusted = NO

Under ARP Access Control Rules I added 192.168.0.1 and MAC address 00:1b:21:95:02:b0 which is the correct MAC

Still doesn't work. IF under ARP Inspection > VLAN Settings I add VLAN1 to the Enabled VLANs than I get banned from the switch, and nobody can connect to anything and it requires a hard reset.