IP ARP Inspection error in Windows 7

Answered Question
Jun 15th, 2010

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Hi everyone,

We have ip arp inspection and dhcp snooping enable in couple of 3750 and 3560 switches.  Everything works fine, excepted few case that DAI packet rate trigger and errdisable the port.  Later on we found out that most of computer that trigger DAI is Windows 7 and especially when they are in sleep mode.  Not sure if anyone experiencing it with Windows 7.  Also we have it rate limit at 64.

Thanks,

=D=

I have this problem too.
0 votes
Correct Answer by Chad Peterson about 6 years 5 months ago

I can't be sure but I imagine the Windows 7 machine is refreshing its arp cache all at once, then causing ARP inspection rate-limiter to hit.  Now the rate-limiter is set to 64, but there is a bit of a catch.  The 3750 family may delay the processing of these, which causes more to come in and then all burst to the CPU at the same time...described in CSCse06827.

You could span the port to see if this is the case...but I can't think of another explianation for it.  Try bumping up the burst interval on the rate-limiter and see if that helps out.

Example:

3750(config-if)#ip arp inspection limit 64 3
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Chad Peterson Tue, 06/15/2010 - 15:35

I can't be sure but I imagine the Windows 7 machine is refreshing its arp cache all at once, then causing ARP inspection rate-limiter to hit.  Now the rate-limiter is set to 64, but there is a bit of a catch.  The 3750 family may delay the processing of these, which causes more to come in and then all burst to the CPU at the same time...described in CSCse06827.

You could span the port to see if this is the case...but I can't think of another explianation for it.  Try bumping up the burst interval on the rate-limiter and see if that helps out.

Example:

3750(config-if)#ip arp inspection limit 64 3

Actions

This Discussion

Related Content