We have DHCP snooping and ARP inspection enabled on our 3750G switches for our Voice and Data VLANs. It works great--unless the switch is reloaded, like during a SW upgrade.
When the switch reloads, none of the phones are able to get IPs from DHCP. The data VLANs don't seem to be affected. The log buffers on the switches show DHCP SPOOFING DENY (Invalid ARPs) errors. Only after I disable ARP inspection for the voice VLANs do the phones come up.
OK, so am I doing something wrong? Shouldn't I be able to have ARP inspection enabled for the voice VLAN as well? Perhaps I'm doing something out of order, like I should disable ARP inspection, reload, then re-enable it after all phones get IPs and come up? If Inspection really works, I shouldn't have to do that.
The latest incident occurred after I simply reloaded the switch in the middle of the night after downloading and installing the new SW image (12.2.52SE-ipbase). In the morning when I got in, all the phones were "Configuring IP."
Any suggestions or common experiences that anyone can offer? Thank in advance.