We are running DAI on our access switches. All clients get static IPs so we use ACLs to define the MAC-to-IP bindings. Here is a snippet of the config:
ip arp inspection vlan 99
ip arp inspection filter vlan99arp vlan 99 static
arp access-list vlan99arp
 permit ip host 172.16.0.10 mac host 0011.2233.4455
The one issue I have is when hosts send out ARP probes. In most cases, this only happens when a host is rebooted or the network settings are changed. But we have a host that sends ARP probes every minute. Each time, a log is sent to our syslog server, which sends an email. This is filling up my mailbox with unnecessary messages.
Is there a way to configure DAI to ignore ARP probes? It looks like you can configure DAI to explicitly log ARP probes with "logging arp-probe" but I want it to ignore these. Here is an example of what gets logged every minute:
Aug 2 17:54:58.148 EDT: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Gi0/10, vlan 99.([0011.2233.4455/0.0.0.0/ffff.ffff.ffff/172.16.0.10
It is an Infoblox DNS appliance. I knew that it shouldn't send probes periodically, but I overlooked the target MAC address. There doesn't appear to be a way to change this behavior. It might have something to do with the way they implement HA (even though we're not using that feature). I was hoping to find a way around this through the DAI logging options, but I guess I'll have to put in a ticket with the vendor. Thanks for your help.
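One way to keep these messages out of the mailbox on the syslog side rather than on the switch, as an added example that is not part of the original posts: parse each `%SW_DAI-4-ACL_DENY` line and skip the email only when it is an ARP probe (sender IP 0.0.0.0) from a MAC asking about the IP the ACL already binds to it. The function name, the `BINDINGS` table and all sample lines except the first are assumptions constructed for illustration.

```python
import re

# Field order as it appears in the logged line in the post:
# [sender MAC/sender IP/target MAC/target IP
DAI_DENY = re.compile(
    r"%SW_DAI-4-ACL_DENY: \d+ Invalid ARPs \((?P<op>\w+)\) on (?P<port>\S+), "
    r"vlan (?P<vlan>\d+)\.\(\[(?P<smac>[0-9a-f.]+)/(?P<sip>[\d.]+)/"
    r"(?P<tmac>[0-9a-f.]+)/(?P<tip>[\d.]+)",
    re.IGNORECASE,
)

# Static MAC -> IP bindings, mirrored by hand from the arp access-list (assumption).
BINDINGS = {"0011.2233.4455": "172.16.0.10"}

def classify(line, bindings=BINDINGS):
    """Return 'suppress', 'alert' or 'unparsed' for one syslog line."""
    m = DAI_DENY.search(line)
    if not m:
        return "unparsed"
    # An ARP probe is a request whose sender IP is all zeros.
    is_probe = m["op"] == "Req" and m["sip"] == "0.0.0.0"
    # Suppress only when the probing MAC is the one bound to the probed IP,
    # i.e. the host is checking its own statically assigned address.
    if is_probe and bindings.get(m["smac"].lower()) == m["tip"]:
        return "suppress"
    # Everything else DAI denied still raises an email.
    return "alert"

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLES = [
    "Aug 2 17:54:58.148 EDT: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Gi0/10, "
    "vlan 99.([0011.2233.4455/0.0.0.0/ffff.ffff.ffff/172.16.0.10",
    # Unknown MAC probing for the bound IP: keep alerting.
    "Aug 2 17:55:10.000 EDT: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Gi0/11, "
    "vlan 99.([00aa.bbcc.ddee/0.0.0.0/0000.0000.0000/172.16.0.10",
    # Bound MAC announcing a sender IP that is not its binding: keep alerting.
    "Aug 2 17:55:12.000 EDT: %SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Gi0/10, "
    "vlan 99.([0011.2233.4455/172.16.0.99/0000.0000.0000/172.16.0.1",
    "Aug 2 17:55:13.000 EDT: %LINK-3-UPDOWN: Interface Gi0/12, changed state to up",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample[-60:])
```

The denied probes are still logged by the switch; only the email decision changes, and a probe from any MAC not bound to the probed IP continues to alert.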