10-09-2011 08:33 AM - edited 03-07-2019 02:41 AM
Hi,
I have enabled DHCP snopping on my layer 3 and layer 2 switch.
But his message comes on my layer 3 switch.
Oct 9 09:28:00.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:27:59 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 10.([000b.bece.bbc0/192.168.10.5/0000.0000.0000/192.168.10.3/09:28:01 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:28:01 MST Sun Oct 9 201
Oct 9 09:28:00.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:27:59 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 10.([000b.bece.bbc0/192.168.10.5/0000.0000.0000/192.168.10.3/09:28:01 MST Sun Oct 9 2011])
Oct 9 09:28:02.022 MST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi0/1, vlan 10.([0009.e8a2.0080/192.168.10.2/0000.0000.0000/136.159.2.2/09:28:01 MST Sun Oct 9 201
Also i checked the nei switch as this switch goes to layer 2 and layer 3 switch
3550SMIA# sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
3550SMIB Gig 0/1 138 S I WS-C3550- Gig 0/1
3550SMIB Gig 0/2 138 S I WS-C3550- Gig 0/2
2950T Fas 0/8 142 S I WS-C2950T Fas 0/8
From 3550 A switch i can not ping IP of 2950 and 3550B switch.
Interface is up up vlans are up.
i rebooted the switch still same thing?
Please let me know how can i fix this?
Thanks
Mahesh
Solved! Go to Solution.
10-09-2011 05:06 PM
not from 29050t
2950T#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2950T#
3550SMIA# ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
thanks
10-09-2011 04:59 PM
Hi Reza,
After config those 2 commands log on 3550A
Oct 9 17:57:36.432 MST: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/8 (1), with 2950T FastEthernet0/8 (10).
10-09-2011 06:05 PM
Ok, by adding these 2 commands
switchport access vlan 10
switchport mode access
You made the 2950 port fa0/8 an access port
can you also make the 3550 port 0/8 an access port and try again
change below interface config
interface FastEthernet0/8
description Dynamic Desirable Trunk connection to Switch 2950T
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
speed 100
duplex full
spanning-tree guard root
to
switchport access vlan 10
switchport mode access
0/8 2950-----------access port------------3550 0/8
and try ping the physical interface of vlan 10 on the 3550
10-09-2011 06:15 PM
Hi Reza,
Thanks
for the reply
I did as you said still no luck
3550SMIA# ping 192.168.10.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
10-09-2011 06:20 PM
Mahesh,
Where is 192.168.10.5?
the ip for the 3550s are
192.168.10.1 and 2
the virtual is 3
how come you are pinging .5
10-09-2011 06:25 PM
Hi Reza,
.5 IP is of 2950 T switch.
also i ping the GW
2950T#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
2950T#
still same thing.
should i reboot 3550a switch?
thanks for the help
10-09-2011 06:47 PM
on 2950, is vlan 10 in up and up mode?
sh ip int bri vlan 10
also
sh ip int br int fa0/8
10-09-2011 06:57 PM
Hi Reza,
i rebooted 3550a switch still same thing.
here is info you requetsed.
2950T#sh ip int bri vlan 10
Interface IP-Address OK? Method Status Prot
ocol
Vlan10 192.168.10.5 YES NVRAM up up
2950T#sh ip int brief
Interface IP-Address OK? Method Status Prot
ocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan10 192.168.10.5 YES NVRAM up up
FastEthernet0/1 unassigned YES unset administratively down down
FastEthernet0/2 unassigned YES unset administratively down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset administratively down down
FastEthernet0/8 unassigned YES unset up up
thanks
mahesh
10-09-2011 07:07 PM
from the 2950 can you post?
sh vlan bri
sh run int fa0/8
sh run int vlan 10
10-09-2011 08:24 PM
her eis required info
2950T#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/6
Fa0/7, Fa0/9, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 VLAN0010 active Fa0/3, Fa0/8, Fa0/10, Fa0/18
Fa0/19, Fa0/21
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active Fa0/3
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
2950T#
2950T#sh run int fa0/8
Building configuration...
Current configuration : 199 bytes
!
interface FastEthernet0/8
description Dynamic desirable Trunk connection to Switch 3550SMIA
switchport access vlan 10
switchport mode access
speed 100
duplex full
ip dhcp snooping trust
end
2950T#s run int vlan 10
Building configuration...
Current configuration : 82 bytes
!
interface Vlan10
ip address 192.168.10.5 255.255.255.0
no ip route-cache
end
2950T#
Thanks
10-10-2011 12:42 PM
Hi Reza,
i removed ip arp inspection,dhcp snopping still unable to ping the directly connected nei switch.?
thanks
10-10-2011 12:47 PM
Hi Mahesh,
from the 3550 can you post?
sh vlan bri
sh run int fa0/8 (this should be the interface that connects to the 2950 right)?
sh run int vlan 10
Are you still having problem pinging 192.168.10.5 while you are connected to the 2950?
Thanks.
10-10-2011 01:01 PM
hi Reza,
I removed the DHCP snooping then i did
sh run on 2950 and saw that
int vlan 10 was
shutdown
i did no shut and i was able to ping the GW as below
2950T#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Seems issue was caused by ip arp inspection and may be dhcp snooping .
i remove their config from all the switches.
Thanks for your help so much help Reza.
You answered so many of my questions
thanks
10-10-2011 01:51 PM
Mahesh,
Glad to help. Remember when things like this happens, go back and undo what you have deployed recently (DHCP Snooping)
Reza
10-10-2011 02:02 PM
Mahesh,
both DHCP snooping and DAI can coexist and often are being deployed together. So now when you have basic connectivity you might go further and finalize what you initially was trying to implement.
Cheers,
Ivan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide