Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

L2 Security feature failed

Hi All,

Does anyone have idea why the ip and mac address cannot store in dhcp snooping binding table? if ip address cannot store in ip dhcp snooping binding table. my  pc cannot ping to gateway.  The router i have configure as dhcp server so i have disable 82 options in ip dhcp snooping. attach router and switch configuration

regards,

Tee

7 REPLIES
Purple

L2 Security feature failed

Hi,

can we get the output of sh ip dhcp snooping database.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

L2 Security feature failed

Hi Alain,

inside 2960.txt have show ip dhcp snooping database, show ip dhcp snooping binding, show ip arp inspection as well. you can see the error message as below.

Aug 24 09:10:48.340: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 10.([001c.230e.2e84/10.10.10.3/0000.0000.0000/10.10.10.1/17:10:47 GMT Fri Aug 24 2012])

Aug 24 09:10:49.347: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 10.([001c.230e.2e84/10.10.10.3/0000.0000.0000/10.10.10.1/17:10:48 GMT Fri Aug 24 2012])

Aug 24 09:10:50.353: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Fa0/13, vlan 10.([001c.230e.2e84/10.10.10.3/0000.0000.0000/10.10.10.1/17:10:49 GMT Fri Aug 24 2012])

Regards,

Tee

Purple

L2 Security feature failed

Hi,

I'm not seeing it in  the config and sorry I spelled the command wrong, it should be sh ip dhcp snooping binding

Can you post it please.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Re: L2 Security feature failed

hi Alain,

the show ip dhcp snooping binding also inside the notepad. if you search the keyword binding, you should find it. the bindings are 0. i wonder why it cannot store in binding table.

Switch#  sh ip dhcp snooping

Aug 24 09:11:14.520: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 10.([001c.230e.2e84/10.10.10.3/0000.0000.0000/10.10.10.1/17:11:13 GMT Fri Aug 24 2012])bi

Switch#  sh ip dhcp snooping binding

Aug 24 09:11:16.542: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 10.([001c.230e.2e84/10.10.10.3/0000.0000.0000/10.10.10.1/17:11:16 GMT Fri Aug 24 2012])

Aug 24 09:11:17.549: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/13, vlan 10.([001c.230e.2e84/10.10.10.3/0000.0000.0000/10.10.10.1/17:11:17 GMT Fri Aug 24 2012])

MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface

------------------  ---------------  ----------  -------------  ----  --------------------

Total number of bindings: 0

Regards,

Tee

New Member

Re: L2 Security feature failed

By default it would store one ip address and one mac for interface. Thats how you configure it. However if port  Fa0/13 had a previous ip addres and mac and you plug another device it would cause the message you received. To fix that you need the ip arp inspection trust command on the interface the message appears. This is how I fix it when this message happend to me.

New Member

Re: L2 Security feature failed

hi Pedro,

if i apply ip arp inspection trust command in the interface. it will auto bypass the interface. the objective i want to do is  untrust interface get inspect before traffic send out. do you see any config or else is incorrect?

Regards,

Tee

New Member

Re: L2 Security feature failed

hi all,

finally found out the problem. LAN Lite software cannot support. used LAN Base software can support

Regards,

Tee

302
Views
0
Helpful
7
Replies
CreatePlease login to create content