Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
852
Views
5
Helpful
5
Replies

Unusual ARP packets from clients

MH311x
Level 1
Level 1

‎05-08-2022 11:40 PM

Hello everybody!

I am experiencing an unusual behavior in our network. Unfortunetely I have no idea what could cause this problem.

 

We are using Dyamic ARP Inspection on most of our VLANs. Since 7 days there are several clients (on different sites) which send more than 15 ARP packets in 1 second. That causes the port to go in err-disabled state.

 

DAI is now active for several months and there were no problems in the past. From one day to the other, many clients are having this issue. The packets are sent when booting the client, so after booting, the port goes in err-disabled state.

 

In most cases the clients were sending 16 ARP packets ... the treshhold for err-disabled was 15 packets. I've increased the treshhold to 25 packets but still some clients send more packets than this.

 

Has anyone ever experienced something like this? My "Windows guys" said there was no update or changes of drivers or the network stack.

 

Is there a problem in setting the treshhold higher?

Labels:
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎05-09-2022 12:01 AM

what device and IOS code running here?

 

if this is all over the network and any specific switch ( take that one, look what is that ARP entries ? is this legitimate ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MH311x
Level 1
Level 1

‎05-09-2022 01:46 AM

@balaji.bandi the problem appears on different models. Our most used devices are C2960X running on 15.2.(7)E4.

But e.g. also on an old Catalyst 4506-E.

 

I could try to capture the ARP packets, but it will be a little bit tricky since this doesnt occur on every boot of the client.

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to MH311x

‎05-09-2022 06:40 AM 

I could try to capture the ARP packets, but it will be a little bit tricky since this doesnt occur on every boot of the client.

is this happends only when end device reboot ? why end device need to have so many MAC address ? until they run any hyper-v inside ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎05-09-2022 09:44 AM

BB asks an interesting question about why an end device would need multiple IP addresses. I wonder whether it is that the end device is dong arp for multiple IP addresses, or is the end device doing multiple arp for the same IP address?

HTH

Rick
0 Helpful

MHM Cisco World
VIP
VIP

‎05-09-2022 04:28 AM - edited ‎05-09-2022 06:44 AM

https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/address-resolution-protocol-arp-caching-behavior

 

check above link for ARP caching in Win 

for why it happened now It seem that you large your network.

0 Helpful
Customers Also Viewed These Support Documents