Need help with ARP Inspection on SF-300 Switch

Unanswered Question
Aug 21st, 2012

I have an SF-300-24 port switch and am having an issue.


When a device says "Who has 192.168.0.1" (which is the default gateway) two devices are replying in the affirmative, and therefore the MAC address table is getting screwed up.


I know the correct MAC address of 192.168.0.1 is 00:1b:21:95:02:b0, so how do I tell the router to discard any packets that say otherwise? I tried to figure out DHCP snooping and IP source guard, and ARP Inspection, but I am not getting anywhere and keep losing connectivity to the switch.


Seems that this should be simple, any help is much appreciated! Obviously a device on the network is misconfigured; unfortunately it is a large wireless network and the misconfigured device is 30 miles away on the top of a mountain. I am hoping to bandaid it locally and then eventually go out and fix the offending equipment.


Thanks,


Ryan

Tom Watts Tue, 08/21/2012 - 14:29

Hi Ryan, when you set the ARP inspection, you need to specify the MAC address to be trusted or make the entire interface trusted. If you do not specify your computer's MAC as trusted, the switch will 'black list' your MAC and you will no longer connect to any port.



-Tom

ryankey123 Tue, 08/21/2012 - 14:46

ARP Inspection > Properties > ARP Inspection Status = Enabled


ARP Packet Validation = Enabled


ARP Inspection > Interface Settings > FE1 Interface Trusted = YES  (this is the port the router is connected to)


All other interfaces Trusted =  NO


Under ARP Access Control Rules I added 192.168.0.1 and MAC address 00:1b:21:95:02:b0, which is the correct MAC.


Still doesn't work. If under ARP Inspection > VLAN Settings I add VLAN1 to the Enabled VLANs, then I get banned from the switch, and nobody can connect to anything and it requires a hard reset.
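
The decision logic that dynamic ARP inspection applies, as an added example that is not part of the thread and not the switch's firmware: a simplified Python model, assuming ARP packets arriving on an untrusted port of an inspected VLAN are forwarded only when the sender IP/MAC pair matches a static ARP access control rule or a DHCP snooping binding. The rogue MAC, the management PC's address and ports FE5/FE7 are constructed sample values.

```python
from dataclasses import dataclass, field

GATEWAY_IP, GATEWAY_MAC = "192.168.0.1", "00:1b:21:95:02:b0"  # values from the thread

@dataclass
class Arp:
    port: str
    vlan: int
    sender_ip: str
    sender_mac: str

@dataclass
class Inspector:  # simplified model (assumption), not the SF-300 implementation
    enabled_vlans: set = field(default_factory=set)
    trusted_ports: set = field(default_factory=set)
    acl: dict = field(default_factory=dict)       # static rules: ip -> mac
    snooping: dict = field(default_factory=dict)  # DHCP-learned bindings: ip -> mac

    def verdict(self, pkt: Arp) -> str:
        if pkt.vlan not in self.enabled_vlans:
            return "forward: VLAN not inspected"
        if pkt.port in self.trusted_ports:
            return "forward: trusted port"
        # Untrusted port: static rules are consulted first, then DHCP snooping.
        for name, table in (("ARP ACL", self.acl), ("DHCP snooping", self.snooping)):
            bound = table.get(pkt.sender_ip)
            if bound is not None:
                if bound.lower() == pkt.sender_mac.lower():
                    return f"forward: {name} binding matches"
                return f"drop: {name} binding mismatch"
        return "drop: no binding for sender IP"

# Constructed sample ARP packets (FE1 is the router port named in the thread).
GATEWAY = Arp("FE1", 1, GATEWAY_IP, GATEWAY_MAC)
ROGUE = Arp("FE7", 1, GATEWAY_IP, "02:00:00:00:00:99")      # second device answering for .1
ADMIN = Arp("FE5", 1, "192.168.0.50", "02:00:00:00:00:50")  # PC managing the switch

def run_scenarios() -> dict:
    sw = Inspector(trusted_ports={"FE1"}, acl={GATEWAY_IP: GATEWAY_MAC})
    out = {"rogue, VLAN 1 not enabled": sw.verdict(ROGUE)}
    sw.enabled_vlans.add(1)                      # inspection now applies to VLAN 1
    out["gateway"] = sw.verdict(GATEWAY)
    out["rogue"] = sw.verdict(ROGUE)
    out["admin, no binding"] = sw.verdict(ADMIN)
    sw.acl[ADMIN.sender_ip] = ADMIN.sender_mac   # static rule for the management PC
    out["admin, static rule"] = sw.verdict(ADMIN)
    return out

if __name__ == "__main__":
    for case, result in run_scenarios().items():
        print(f"{case:28} {result}")
```

In this model the management PC is dropped as soon as VLAN 1 is inspected unless it has a binding of its own or sits behind a trusted port, which is consistent with the lockout described in the thread.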
