10-09-2011 08:33 AM - edited 03-07-2019 02:41 AM
Hi,
I have enabled DHCP snopping on my layer 3 and layer 2 switch.
But his message comes on my layer 3 switch.
Oct 9 09:28:00.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:27:59 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 10.([000b.bece.bbc0/192.168.10.5/0000.0000.0000/192.168.10.3/09:28:01 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:28:01 MST Sun Oct 9 201
Oct 9 09:28:00.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:27:59 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 10.([000b.bece.bbc0/192.168.10.5/0000.0000.0000/192.168.10.3/09:28:01 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:28:01 MST Sun Oct 9 201
Also i checked the nei switch as this switch goes to layer 2 and layer 3 switch
3550SMIA# sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
3550SMIB Gig 0/1 138 S I WS-C3550- Gig 0/1
3550SMIB Gig 0/2 138 S I WS-C3550- Gig 0/2
2950T Fas 0/8 142 S I WS-C2950T Fas 0/8
From 3550 A switch i can not ping IP of 2950 and 3550B switch.
Interface is up up vlans are up.
i rebooted the switch still same thing?
Please let me know how can i fix this?
Thanks
Mahesh
Solved! Go to Solution.
10-10-2011 12:47 PM
Hi Mahesh,
from the 3550 can you post?
sh vlan bri
sh run int fa0/8 (this should be the interface that connects to the 2950 right)?
sh run int vlan 10
Are you still having problem pinging 192.168.10.5 while you are connected to the 2950?
Thanks.
10-09-2011 12:33 PM
Hi Mahesh,
could you ping before you enable the IGMP snooping?
if both 2950 and 3550B are layer-2 switch, then you can only ping the management interface if you have configured an SVI on both devices
HTH
10-09-2011 12:44 PM
Hi Reza,
Thanks for reply.
Yes i was able to ping before.
only 2950 is layer 2 3550 A and B are layer 3.
interfaces are up and i can see both switches with sh cdp nei command.
so seems layer 1 and 2 are ok.
Thanks
mahesh
10-09-2011 01:49 PM
Hi Mahesh,
could you please introduce your configuration in here? Do you have any complementary features enabled, like DAI, Port-security for instance? It looks you have indeed DAI enabled, which doesn't know the MACs being refreshed, thus dropping them. May be you need to let the box relearn them.
HTH,
Ivan.
10-09-2011 02:11 PM
Hi Ivan,
Thanks for reply i am adding the config of both switches 3550A and B
mahesh
10-09-2011 02:14 PM
Hi Ivan,
I added config to original post.
Do you also need config of 2950 switch also?
Thanks
10-09-2011 02:26 PM
Hi mahesh,
So Vlan 30 (192.168.30.0/24) is the vlan that connects 3550a to 3550b right?
What happens if you disable DHCP snooping?
HTH
Reza
10-09-2011 02:34 PM
Hi Reza,
DHCP snooping - when i disable it its same thing.
Both 3550 have hsrp enabled.
Thanks
10-09-2011 03:08 PM
Mahesh,
how come that you have 2 interfaces connecting the 2 3550s together without putting them in a portchannel?
Also, why does the configs per interface is different?
interface GigabitEthernet0/1
description Dynamic Desirable Trunk connection to 3550SMIB
switchport mode dynamic auto
logging event trunk-status
speed nonegotiate
udld port aggressive
!
interface GigabitEthernet0/2
description Dynamic Desirable connection to 3550SMIB Switch
switchport mode dynamic desirable
udld port aggressive
!
10-09-2011 03:15 PM
Hi Reza,
Those config are different as i was just setting up home lab to see how things work.
It was working fine before.
Also i have 2950 that connects to 3550A and B switch.
from 2950 i amunable to ping the default gateway.
thanks
10-09-2011 03:31 PM
does the 2950 have a default gateway configured?
can you post the config from the 2950?
10-09-2011 03:41 PM
Hi Reza,
Thanks for reply.
Yes 2950 has default gateway config.
Also i upload the 2950 config.
Thanks
10-09-2011 04:46 PM
On the 2950. interface fa0/8 is the one connecting to 3550A but I do not see vlan 10 configured under that interface
can you add these 2 commands and test again?
switchport access vlan 10
switchport mode access
10-09-2011 04:55 PM
Hi Reza,
Thanks for reply it did not work
2950T#sh run int fa0/8
Building configuration...
Current configuration : 199 bytes
!
interface FastEthernet0/8
description Dynamic desirable Trunk connection to Switch 3550SMIA
switchport access vlan 10
switchport mode access
speed 100
duplex full
ip dhcp snooping trust
end
2950T#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5).
Thanks
mahesh
10-09-2011 05:01 PM
can you ping
192.168.10.1 (physical interface)?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide