Why all packets dropped with %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs error msg for arp inspected vlans for DMZ and Backup

Unanswered Question
Sep 5th, 2010
User Badges:

Hi,


We have got cisco 3759 switch where the followign line was configrued only


ip arp inspection vlan 6,100



And on those vlans no arp inspection trust was configrued. DMZ and backup servers were connected on that switch. Switch got restarted wihtin 5 minutes for the power outage and when the swithc came online it was denying all the packets coming through the vlan 100 adn 6 althought it was allowing packets before the power outage.


It took me 30 minutes to find out that arp inspection was enables which might cause the issue, but I am still unsue why it would block all packets for vlan 100 & 6.After taking out the command ' ip arp inspection vlan 6,100' all started working fine.


What is the reason the switch had this issue? Is there any resolution for this? thanks


FYI: The error messages-


0:48:32: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/1, vlan 6.([001e.0b5f.3a8c/220.233.31.177/0000.0000.0000/220.233.31.182/14:48:32 AEST Sun Feb 28 1993])
00:48:33: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 6.([000c.2915.1abe/220.233.31.184/0000.0000.0000/220.233.31.177/14:48:32 AEST Sun Feb 28 1993])
00:48:33: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/1, vlan 6.([001e.0b5f.3a8c/220.233.31.177/0000.0000.0000/220.233.31.178/14:48:33 AEST Sun Feb 28 1993])
00:48:33: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/1, vlan 6.([001e.0b5f.3a8c/220.233.31.177/0000.0000.0000/220.233.31.184/14:48:33 AEST Sun Feb 28 1993])


Regards,

Arman

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Sun, 09/05/2010 - 18:05
User Badges:
  • Cisco Employee,

Hello,


What code version you are running on the switch? Do you have a stack with

cross-stack etherchannel?


Regards,


NT

MD ARMAN HOSSAIN Sun, 09/05/2010 - 18:10
User Badges:


Code version:


System image file is "flash:c3750-ipservicesk9-mz.122-50.SE3/c3750-ipservicesk9-mz.122-50.SE3.bin"

I don’t have any etherchannel running from the switch. It is connected to vmware machines which are on DMZ.


rgds,

arman

Actions

This Discussion