08-21-2012 02:20 PM - edited 03-07-2019 08:28 AM
I have an SF-300-24 port switch and am having an issue.
When a device says "Who has 192.168.0.1" (which is the default gateway) two devices are replying in the affirmative, and therefor the MAC address table is getting screwed up.
I know the correct MAC address of 192.168.0.1 is 00:1b:21:95:02:b0, so how do I tell the router to disgard any packets that say otherwise? I tried to figure out DHCP snooping and IP source guard, and ARP Inspection, but I am not getting anywhere and keep losing connectivity to the switch.
Seems that this should be simple, any help is much appreciated! Obviously a device on the network is misconfigured, unfortunately it is a large wireless network and the misconfigured device is 30 miles away on the top of a mountain. I am hoping to bandaid it locally and then eventually go out and fix the offending equipment.
Thanks,
Ryan
08-21-2012 02:29 PM
Hi Ryan, when you set the arp inspection, you need to specify the mac address to be trusted or make the entire interface trusted. If you do not specify your computer mac as trusted, the switch will 'black list' your mac and you will no longer connect to any port.
-Tom
08-21-2012 02:46 PM
ARP Inspection > Properties > ARP Inspection Status = Enabled
ARP Packet Validation = Enabled
ARP Inspection > Interface Settings > FE1 Interface Trusted = YES (this is the port the router is connected to)
All other interfaces Trusted = NO
Under ARP Access Control Rules I added 192.168.0.1 and MAC address 00:1b:21:95:02:b0 which is the correct MAC
Still doesn't work. IF under ARP Inspection > VLAN Settings I add VLAN1 to the Enabled VLANs than I get banned from the switch, and nobody can connect to anything and it requires a hard reset.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide