
Invalid ARP

Let's say there is a client router connected on switch port G1/0/6. But the command on the switch "show mac address table int G1/0/6" shows nothing. Also the command "sh ip dhcp snooping binding int G1/0/6" shows nothing. So I do not see the router's MAC or IP address on that port. Then I run the command "no ip verify source port-security" and I see the router's MAC with the "sh mac address table" command, but I do not see the router's IP with "dhcp snooping".

Then in the logs the following lines appear:

Aug  1 07:08:18.434 EEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/6, vlan 376.([0024.a534.55f3/192.168.0.100/001b.0dff.5e00/192.168.0.1/07:08:18
 
It seems like the router got a private IP address from a rogue DHCP server which is on the same VLAN.
The question then is why "ip dhcp snooping binding" doesn't show this private IP address 192.168.0.100.
Because it is not in the DHCP snooping database, the switch doesn't accept packets from this router (because of the "ip verify source port-security" command), and that's why the router's MAC address also wasn't in the MAC address table before I used the command "no ip verify source port-security". Am I right?
8 REPLIES

Nobody  experienced similar issue?


Hey,

Well, your theory seems to be right. The IP address won't show up in the binding table as it got the IP address from a rogue DHCP server, but why or how did it get an IP address from a rogue machine while DHCP snooping is running for that VLAN?

HTH.

Regards,

RS.


Well, this switch is Cisco, but the uplink switch also has connections to non-Cisco switches which don't support DHCP snooping. That is how the client's router got an IP from the rogue DHCP server connected to the non-Cisco switch. So the question then is why "dhcp snooping binding" doesn't show a snooping entry with the private IP address 192.168.0.1 on the port connected to the router.


Hey,

Because the switch running DHCP snooping never saw the DORA packets responsible for obtaining the IP address dynamically.

HTH.

Regards,

RS.


I'm sorry, I don't understand what you said. You mean you never saw DHCP snooping with dynamic IP allocation?


Yes, I am talking about the 192.168.0.100 address, as you mentioned that it came from some other switch which doesn't support snooping.

Regards,
RS.


Yes, I guess it came from an incorrectly connected client's router, which is connected to a switch that doesn't support DHCP snooping. What did you mean by saying "As switch running DHCP Snooping never saw DORA packets responsible for obtaining IP address dynamically."?


Hey,

The DHCP snooping binding table is created by actively monitoring server packets, namely the OFFER and ACK packets of the DORA (Discover, Offer, Request, Ack) process. The switch running snooping never saw the OFFER and ACK packets for the router's IP address, as they never traversed this switch, hence there is no entry in the binding table.

For the DHCP/DORA process, check the following link:

http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html#dhcpmessage

HTH.

Regards,
RS.
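As an added illustration of RS's explanation (this is not code from the thread or from Cisco): the script below parses the DAI syslog line quoted in the question, models the DHCP snooping binding table, and shows that the router's ARP is rejected while the table has no entry for it, and accepted once the same MAC/IP/VLAN/port tuple is learned from an OFFER/ACK that crosses this switch (or is added as a static entry). The Binding class and the function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# The %SW_DAI-4-INVALID_ARP line from the thread, joined onto one line; the post
# cuts it off inside the timestamp field, which the parser below tolerates.
LOG_LINE = ("Aug  1 07:08:18.434 EEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/6"
            ", vlan 376.([0024.a534.55f3/192.168.0.100/001b.0dff.5e00/192.168.0.1/07:08:18")

# Bracketed payload layout: [sender MAC/sender IP/target MAC/target IP/time ...]
INVALID_ARP = re.compile(
    r"%SW_DAI-4-INVALID_ARP: (?P<count>\d+) Invalid ARPs \((?P<kind>\w+)\) on (?P<intf>\S+), "
    r"vlan (?P<vlan>\d+)\.\(\[(?P<smac>[0-9a-f.]+)/(?P<sip>[\d.]+)/"
    r"(?P<tmac>[0-9a-f.]+)/(?P<tip>[\d.]+)/")

@dataclass(frozen=True)
class Binding:
    """One entry of the kind 'show ip dhcp snooping binding' lists (assumed model)."""
    mac: str
    ip: str
    vlan: int
    interface: str

def parse_invalid_arp(line):
    """Return the fields of a DAI invalid-ARP syslog line, or None if it is not one."""
    m = INVALID_ARP.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["count"], d["vlan"] = int(d["count"]), int(d["vlan"])
    return d

def dai_permits(arp, bindings):
    """DAI on an untrusted port accepts an ARP only if the sender MAC/IP pair has a
    binding in that VLAN on that interface; with no binding the ARP is dropped and logged."""
    return any(b.mac == arp["smac"] and b.ip == arp["sip"]
               and b.vlan == arp["vlan"] and b.interface == arp["intf"] for b in bindings)

def learn_from_dhcp_ack(bindings, client_mac, leased_ip, vlan, interface):
    """Snooping only learns a binding from an OFFER/ACK that actually crosses this
    switch; a lease handed out behind a non-snooping switch never reaches this path."""
    return bindings | {Binding(client_mac, leased_ip, vlan, interface)}

def scenario():
    arp = parse_invalid_arp(LOG_LINE)
    before = dai_permits(arp, frozenset())          # empty table, as in the thread
    # Re-obtaining the lease through this switch, or a static 'ip source binding'
    # entry, both make the MAC/IP/VLAN/port tuple known to DAI and IP source guard.
    table = learn_from_dhcp_ack(frozenset(), arp["smac"], arp["sip"], arp["vlan"], arp["intf"])
    return arp, before, dai_permits(arp, table)

if __name__ == "__main__":
    arp, before, after = scenario()
    print(arp["smac"], arp["sip"], "permitted before:", before, "after:", after)
```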
