Cisco Support Community
New Member

ARP Inspection 4500

Hi

IP ARP inspection has been disabling ports when IP phones ARP the default gateway. Phones have been stable for months. This problem may have something to do with DHCP leasing. I have attached the log from a 4500 switch. Is anyone aware what the 0000.0000.0000 represents - I was of the opinion that if a device MAC address was unknown then this address was issued (broadcast)? Why then is the port being disabled?

Any advice?

Dec 19 09:04:05 AEST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa4/23, vlan 811.([0019.06dc.0578/10.80.1.88/0000.0000.0000/10.80.1.21/09:04:04 AEST Tue Dec 19 2006])

4 REPLIES
Hall of Fame Super Gold

Re: ARP Inspection 4500

Hi Martin,

No device should ever send packets to an all-zero address and the switch is right to be upset about it.

Either you relax the check on the switch or check the phones' firmware; perhaps updating to the latest load would fix these spurious packets.

New Member

Re: ARP Inspection 4500

Sorry Paolo, but why is an all-zero address considered invalid - the ARP packet, I believed, contained all zeros in its destination when an IP address was unknown?

Hall of Fame Super Gold

Re: ARP Inspection 4500

Martin,

in an Ethernet header, in the destination field, you can find three types of address: unicast, multicast and broadcast. An all-zero address is technically a unicast, but is also an invalid destination.

But as you say, inside an ARP packet, fields that are unknown are filled with zeros, and this is perfectly valid.
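Added example (not part of the original thread): a Python parser for the SW_DAI message in the first post, showing which slot the 0000.0000.0000 value occupies and checking the sender against a binding table. The field order (sender MAC, sender IP, target MAC, target IP, time) is assumed from Cisco's message format; the function names and the binding table are constructed for illustration.

```python
import re

# Field order inside the brackets is an assumption taken from Cisco's
# system-message format: sender MAC / sender IP / target MAC / target IP / time.
DAI_DENY = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: (?P<count>\d+) Invalid ARPs "
    r"\((?P<op>Req|Res)\) on (?P<port>\S+), vlan (?P<vlan>\d+)\."
    r"\(\[(?P<sender_mac>[0-9a-f.]+)/(?P<sender_ip>[\d.]+)/"
    r"(?P<target_mac>[0-9a-f.]+)/(?P<target_ip>[\d.]+)/(?P<when>[^\]]+)\]\)"
)
ZERO_MAC = "0000.0000.0000"


def parse_dai_deny(line):
    """Return the fields of a DHCP_SNOOPING_DENY message as a dict, or None."""
    m = DAI_DENY.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["count"], ev["vlan"] = int(ev["count"]), int(ev["vlan"])
    return ev


def explain(ev, bindings):
    """Say why the ARP was denied, given {(vlan, mac): ip} bindings.

    `bindings` is a hypothetical stand-in for the DHCP snooping table.
    """
    notes = []
    if ev["op"] == "Req" and ev["target_mac"] == ZERO_MAC:
        notes.append("zero target MAC is normal in an ARP request")
    bound_ip = bindings.get((ev["vlan"], ev["sender_mac"]))
    if bound_ip is None:
        notes.append("no snooping binding for sender MAC in this VLAN")
    elif bound_ip != ev["sender_ip"]:
        notes.append(f"sender IP {ev['sender_ip']} != bound IP {bound_ip}")
    else:
        notes.append("sender matches its binding")
    return notes


# Log line from the original post, re-joined onto one line.
LINE = ("Dec 19 09:04:05 AEST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) "
        "on Fa4/23, vlan 811.([0019.06dc.0578/10.80.1.88/0000.0000.0000/"
        "10.80.1.21/09:04:04 AEST Tue Dec 19 2006])")
# Constructed binding table holding only an unrelated device.
BINDINGS = {(811, "0019.06dc.0577"): "10.80.1.87"}

if __name__ == "__main__":
    for note in explain(parse_dai_deny(LINE), BINDINGS):
        print(note)
```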

New Member

Re: ARP Inspection 4500

I ran into a similar issue a couple of weeks ago. I found a bug ID explaining the problem you're having. This is what I did to fix the problem. Apply this command on the untrusted ports.

ip arp inspection limit rate 15 burst interval 3
