Hi,
Devices connected in VLAN 99 (static IP) cannot be reached via ICMP from PCs connected in VLAN 200.
I suspect ARP inspection to be the culprit here. I would appreciate it if people can help out.
interface Vlan 99
ip address 192.168.99.1 255.255.255.0
ip verify unicast source reachable-via rx
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp 11 redirect out
ip pim sparse-mode
Port configuration for the device in VLAN 99 on the edge switch:
(The device is connected to the port with static IP 192.168.99.32.)
interface FastEthernet1/0/11
switchport access vlan 99
switchport mode access
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 5
switchport port-security violation restrict
storm-control broadcast level 20.00 10.00
storm-control multicast level 20.00 10.00
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
ip dhcp snooping limit rate 15
I see the following on the layer 3 switch:
ip arp inspection vlan 10,92-103
ip arp inspection validate src-mac
ip dhcp snooping vlan 1-724
The port channel on the layer 3 switch which connects the edge switch has this configuration:
interface Port-channel5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
ip arp inspection limit none
no ip address
mls qos trust cos
storm-control broadcast level 5.00
storm-control multicast level 5.00
The similar configuration on the edge switch is:
interface Port-channel5
switchport trunk encapsulation dot1q
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust
[EDIT - I guess a static binding can be put in for this to work, but that will be cumbersome with many static IPs for such devices in the network.]
Please help.
Thanks in advance!
Message was edited by: sunny thomas
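
Added example, not part of the original post: a simplified Python model of the order in which dynamic ARP inspection evaluates an ARP frame, applied to the layer 3 switch settings quoted above. The MAC addresses, the DHCP client at 192.168.99.40 and all class and function names are constructed for illustration, and it assumes the Port-channel5 configuration shown for the layer 3 switch is complete (no `ip arp inspection trust`).

```python
from collections import namedtuple

# One ARP frame as seen on ingress: VLAN, port, Ethernet source, ARP sender MAC/IP.
Arp = namedtuple("Arp", "vlan port eth_src sender_mac sender_ip")

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '10,92-103' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

class DaiSwitch:
    """Simplified model of the order in which DAI evaluates an ARP frame."""
    def __init__(self, dai_vlans, trusted_ports=(), validate_src_mac=False):
        self.dai_vlans = parse_vlans(dai_vlans)
        self.trusted = set(trusted_ports)
        self.validate_src_mac = validate_src_mac
        self.bindings = set()  # (vlan, ip, mac) learned by DHCP snooping
        self.arp_acl = set()   # (vlan, ip, mac) permitted by an ARP ACL filter

    def inspect(self, p):
        if p.vlan not in self.dai_vlans:
            return "forward: DAI not enabled on VLAN"
        if p.port in self.trusted:
            return "forward: trusted port"
        if self.validate_src_mac and p.eth_src != p.sender_mac:
            return "drop: src-mac validation"
        key = (p.vlan, p.sender_ip, p.sender_mac)
        if key in self.arp_acl:
            return "forward: ARP ACL"
        if key in self.bindings:
            return "forward: DHCP snooping binding"
        return "drop: no binding for sender IP/MAC"

STATIC_MAC = "0000.5e00.5301"  # constructed MAC for the host at 192.168.99.32
REPLY = Arp(99, "Po5", STATIC_MAC, STATIC_MAC, "192.168.99.32")

def l3_switch():
    # Layer 3 switch as posted: DAI on VLANs 10,92-103, src-mac validation, Po5 not trusted.
    return DaiSwitch("10,92-103", trusted_ports=(), validate_src_mac=True)

def verdicts():
    as_posted, with_dhcp, with_acl = l3_switch(), l3_switch(), l3_switch()
    with_dhcp.bindings.add((99, "192.168.99.40", "0000.5e00.5302"))  # constructed DHCP client
    with_acl.arp_acl.add((99, "192.168.99.32", STATIC_MAC))
    return as_posted.inspect(REPLY), with_dhcp.inspect(REPLY), with_acl.inspect(REPLY)

if __name__ == "__main__":
    print(verdicts())
```

In this model the static host's ARP reply is dropped on Po5 unless an entry for its own IP/MAC pair exists; another host's DHCP snooping binding does not help it.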