Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
0
Helpful
0
Replies

Ports shutting down temporally due to arp-inspection

Rick001
Level 1
Level 1

‎09-12-2023 05:53 AM

We have a couple of Cisco 9300 switches. We had the switch configured using STIGS. A couple users have complained that their Avaya phones restarted. I started running the show logs and noticed the following:

 

 

Sep 11 19:25:00.133 GMT: %PM-4-ERR_RECOVER: Attempting to recover from storm-control err-disable state on Gi2/0/22
Sep 11 19:25:00.821 GMT: %ILPOWER-5-DETECT: Interface Gi2/0/22: Power Device detected: IEEE PD
Sep 11 19:25:01.820 GMT: %ILPOWER-5-POWER_GRANTED: Interface Gi2/0/22: Power granted
Sep 11 19:25:05.110 GMT: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/22, changed state to up
Sep 11 19:25:06.110 GMT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/22, changed state to up

Sep 12 11:06:13.036 GMT: %SW_DAI-4-PACKET_RATE_EXCEEDED: 17 packets received in 207 milliseconds on Gi3/0/24.
Sep 12 11:06:13.036 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi3/0/24, putting Gi3/0/24 in err-disable state
Sep 12 11:06:14.037 GMT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/24, changed state to down
Sep 12 11:06:15.037 GMT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/24, changed state to down
Sep 12 11:08:13.030 GMT: %PM-4-ERR_RECOVER: Attempting to recover from arp-inspection err-disable state on Gi3/0/24
Sep 12 11:08:14.423 GMT: %ILPOWER-5-DETECT: Interface Gi3/0/24: Power Device detected: IEEE PD
Sep 12 11:08:15.443 GMT: %ILPOWER-5-POWER_GRANTED: Interface Gi3/0/24: Power granted
Sep 12 11:08:18.639 GMT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/24, changed state to up
Sep 12 11:08:19.639 GMT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/24, changed state to up

Sep 12 11:53:23.761 GMT: %SW_DAI-4-PACKET_RATE_EXCEEDED: 18 packets received in 29 milliseconds on Gi3/0/14.
Sep 12 11:53:23.761 GMT: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi3/0/14, putting Gi3/0/14 in err-disable state
Sep 12 11:53:24.761 GMT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/14, changed state to down
Sep 12 11:53:25.763 GMT: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/14, changed state to down

 

 


Most of the ports of configured as follows:

 

 

interface GigabitEthernet3/0/24
description PC
switchport access vlan 1234
switchport mode access
switchport nonegotiate
switchport block unicast
switchport voice vlan 60
switchport port-security maximum 3
switchport port-security mac-address sticky
switchport port-security mac-address sticky xxxx.xxxx.xxx1 vlan voice
switchport port-security mac-address sticky xxxx.xxxx.xxx2
switchport port-security
storm-control broadcast level 40.00
storm-control unicast level 80.00
storm-control action shutdown
spanning-tree portfast
spanning-tree bpdufilter disable
spanning-tree bpduguard enable
spanning-tree guard root
end

 

 

Not sure if raising the storm-control levels while still complying with STIGS would solve the problem.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card