09-25-2010 08:15 AM - edited 03-06-2019 01:10 PM
An interface has following
interface FastEthernet2/0/24
switchport access vlan 100
switchport mode access
ip arp inspection trust
no logging event link-status
storm-control action shutdown
spanning-tree portfast
spanning-tree guard root
ip dhcp snooping limit rate 56
vlan 100 is divided into 2 parts- half into dhcp and other half into static ip's.dhcp is till 192.168.100.62 & static range from .63 onwards till .254.
a user using 192.168.100.120 ip plugs in , but is unable to use the network. his arp doesnt appear & is incomplete on the switch.
kindly advise possible way out.
Thank You All.
Solved! Go to Solution.
09-26-2010 02:44 AM
You should only need DHCP snooping trust on the port of your DHCP
server but if you have arp inspection enabled you will need 'ip arp
inspection trust' on every port where a host with a static ip
connects. The reason is that arp inspection will filter any arps for
addresses not handed out by DHCP.
09-25-2010 11:06 AM
What if you delete "ip arp inspection trust" and clear the arp-cash and test again?
09-25-2010 06:26 PM
Thanks, i will have these tried & see the status. am i also missing ip dhcp snooping trust?
09-26-2010 02:44 AM
You should only need DHCP snooping trust on the port of your DHCP
server but if you have arp inspection enabled you will need 'ip arp
inspection trust' on every port where a host with a static ip
connects. The reason is that arp inspection will filter any arps for
addresses not handed out by DHCP.
09-26-2010 05:25 AM
So , should i only go with ip dhcp snooping trust on the interface and take out rest of them ( inspection, snooping limit ).
Thank You.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide