cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1082
Views
0
Helpful
2
Replies

SW_DAI-4-DHCP_SNOOPING_DENY on wifi vlan

supportti
Level 1
Level 1

Hello ive configured DHCP Snooping + DAI on multiple switch (  WS-C3560G-48PS +  C9300-48U  + WS-C3750X-48P )

 

Ive trust all trunk port to others switch with those 2 commands 

 

ip arp inspection trust
ip dhcp snooping trust

 

and everything is working fine 

 

 

We also have UniFi AP-AC-Pro for WIFI and this is the problem im seeing in log on all switch that have access point configured 

 

Feb 12 09:41:36: %SW_DAI-4-DHCP_SNOOPING_DENY: 4 Invalid ARPs (Req) on Gi1/0/46, vlan 22.([3442.629c.a276/172.16.22.113/0000.0000.0000/172.16.22.1/09:41:35 EST Wed Feb 12 2020])
Feb 12 09:41:37: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/46, vlan 22.([3442.629c.a276/172.16.22.113/0000.0000.0000/172.16.22.1/09:41:36 EST Wed Feb 12 2020])
Feb 12 09:44:06: %SW_DAI-4-DHCP_SNOOPING_DENY: 4 Invalid ARPs (Req) on Gi1/0/45, vlan 22.([3442.629c.a276/172.16.22.113/0000.0000.0000/172.16.22.1/09:44:05 EST Wed Feb 12 2020])
Feb 12 09:44:07: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/45, vlan 22.([3442.629c.a276/172.16.22.113/0000.0000.0000/172.16.22.1/09:44:06 EST Wed Feb 12 2020])
Feb 12 09:44:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 3 Invalid ARPs (Req) on Gi1/0/45, vlan 22.([3442.629c.a276/172.16.22.113/0000.0000.0000/172.16.22.1/09:44:07 EST Wed Feb 12 2020])

 

Here is an exemple of the port configuration 

 

interface GigabitEthernet1/0/45
description WIFI-AP_UNIFI_HV04_RH
switchport trunk native vlan 20
switchport mode trunk
spanning-tree portfast
 

Is it normal that we are seeing this with WIFI vlan ? 

 

Thanks !

2 Replies 2

supportti
Level 1
Level 1
It put one of the port in err-disable on my 3750

n Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:16 EST Wed Feb 12 2020])
7326105: Feb 12 13:18:18: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:17 EST Wed Feb 12 2020])
7326106: Feb 12 13:18:19: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:18 EST Wed Feb 12 2020])
7326107: Feb 12 13:18:20: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:20 EST Wed Feb 12 2020])
7326108: Feb 12 13:18:21: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:21 EST Wed Feb 12 2020])
7326109: Feb 12 13:18:22: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:22 EST Wed Feb 12 2020])
7326110: Feb 12 13:18:25: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:25 EST Wed Feb 12 2020])
7326111: Feb 12 13:18:26: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:26 EST Wed Feb 12 2020])
7326112: Feb 12 13:18:27: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/0/22, vlan 22.([60e3.ace1.a3b3/172.16.22.77/0000.0000.0000/172.16.22.1/13:18:27 EST Wed Feb 12 2020])
7326113: Feb 12 13:27:44: %SW_DAI-4-DHCP_SNOOPING_DENY: 3 Invalid ARPs (Req) on Gi1/0/14, vlan 22.([b06f.e09b.1f72/172.16.22.3/0000.0000.0000/172.16.22.1/13:27:44 EST Wed Feb 12 2020])
7326114: Feb 12 13:28:22: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/13, vlan 22.([8476.3736.552b/172.16.22.50/0000.0000.0000/172.16.22.1/13:28:21 EST Wed Feb 12 2020])
7326115: Feb 12 13:28:23: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/13, vlan 22.([8476.3736.552b/172.16.22.50/0000.0000.0000/172.16.22.1/13:28:22 EST Wed Feb 12 2020])
7326116: Feb 12 13:29:25: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/13, vlan 22.([58e6.ba36.d9c2/169.254.20.59/0000.0000.0000/169.254.20.59/13:29:24 EST Wed Feb 12 2020])
7326117: Feb 12 13:30:21: %SW_DAI-4-PACKET_RATE_EXCEEDED: 44 packets received in 8 milliseconds on Gi2/0/22.
7326118: Feb 12 13:30:21: %PM-4-ERR_DISABLE: arp-inspection error detected on Gi2/0/22, putting Gi2/0/22 in err-disable state
7326119: Feb 12 13:30:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/22, changed state to down
7326120: Feb 12 13:30:23: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/22, changed state to down
7326121: Feb 12 13:34:55: %SW_DAI-4-DHCP_SNOOPING_DENY: 4 Invalid ARPs (Req) on Gi1/0/14, vlan 22.([2c33.619c.6f01/172.16.22.46/0000.0000.0000/172.16.22.1/13:34:55 EST Wed Feb 12 2020])
7326122: Feb 12 13:34:56: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/14, vlan 22.([2c33.619c.6f01/172.16.22.46/0000.0000.0000/172.16.22.1/13:34:56 EST Wed Feb 12 2020])
7326123: Feb 12 13:34:58: %SW_DAI-4-DHCP_SNOOPING_DENY: 6 Invalid ARPs (Req) on Gi1/0/14, vlan 22.([2c33.619c.6f01/172.16.22.46/0000.0000.0000/172.16.22.1/13:34:57 EST Wed Feb 12 2020])
7326124: Feb 12 13:34:59: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/14, vlan 22.([2c33.619c.6f01/172.16.22.46/0000.0000.0000/172.16.22.1/13:34:58 EST Wed Feb 12 2020])
7326125: Feb 12 13:39:37: %SW_DAI-4-DHCP_SNOOPING_DENY: 3 Invalid ARPs (Req) on Gi1/0/14, vlan 22.([f079.609c.fa9f/172.16.22.16/0000.0000.0000/172.16.22.1/13:39:37 EST Wed Feb 12 2020])
7326126: Feb 12 13:45:05: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/13, vlan 22.([74e1.b68f.3b04/172.16.22.115/0000.0000.0000/172.16.22.1/13:45:04 EST Wed Feb 12 2020])
7326127: Feb 12 13:46:36: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/13, vlan 22.([74e1.b68f.3b04/172.16.22.115/0000.0000.0000/172.16.22.1/13:46:35 EST Wed Feb 12 2020])


Any idea what to do so it don't happenned again

Thanks !

hcortez14
Level 1
Level 1

DAI work database DHCP SNOOPING or Static entry,

then, you need configuring manual entry if you have connected a static IP address in interfaces,

 

tehen you need configuring: "in global configuration"

ip source binding 3442.629c.a276  vlan 22 172.16.22.113  interface Gi1/0/46

then: entry command: show ip source binnding

 

SW#show ip source binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
3442.629c.a276  172.16.22.113  infinite static 22 GigabitEthernet1/0/46

 

regards

Review Cisco Networking for a $25 gift card