03-26-2014 12:11 AM - edited 03-07-2019 06:51 PM
Hi,
after upgrading switch 2960 with latest ios release (c2960-lanbasek9-mz.150-2.SE5.bin) i have problem with DHCP snooping. These massage pop out:
04264: Mar 25 21:53:09: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/17, vlan 8.([30f7.0dad.a5d9/10.11.8.29/0026.cb33.10ff/10.11.8.1/21:53:09 CET Tue Mar 25 2014])
004265: Mar 25 21:53:11: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/20, vlan 8.([d48c.b527.f1ec/10.11.8.47/0026.cb33.10ff/10.11.8.1/21:53:10 CET Tue Mar 25 2014])
004266: Mar 25 21:53:14: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/24, vlan 3.([c84c.75a9.8bee/10.11.3.6/0000.0000.0000/10.11.3.1/21:53:13 CET Tue Mar 25 2014])
2960 switch is connected to distribution switch 4509, and i clear all mac address-table, arp table, clear ip dhcp binding, snooping everything (on boat access and distribution).... shutdown the port, reset switch but i am still receiving those messages.
vlan 8 is voice vlan - cisco phones...
Dhcp server is 4509 distribution switch...
example - port config:
interface FastEthernet0/20
switchport access vlan 31
switchport mode access
switchport nonegotiate
switchport voice vlan 8
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 10
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 50
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQoS-Police-CiscoPhone
Now port is running in "ip arp inspection trust" so user can access network (but that is no solution)....
So what else can I do, how to clear those DHCP_SNOOPING_DENY message?
Regards,
Ivan
03-26-2014 02:04 PM
Just update with other IOS c2960-lanbasek9-mz.150-2.SE4.bin and everything work ok.
Again upgrade to newest one c2960-lanbasek9-mz.150-2.SE5.bin gain same message appears.
4264: Mar 25 21:53:09: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/17, vlan 8.([30f7.0dad.a5d9/10.11.8.29/0026.cb33.10ff/10.11.8.1/21:53:09 CET Tue Mar 25 2014])
004265: Mar 25 21:53:11: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/20, vlan 8.([d48c.b527.f1ec/10.11.8.47/0026.cb33.10ff/10.11.8.1/21:53:10 CET Tue Mar 25 2014
Upgrade to 150-2.SE4.bin and everything work ok...
Strange :-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide