Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4262
Views
5
Helpful
1
Replies

SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs

Ivan Marinovic
Level 1
Level 1

‎03-26-2014 12:11 AM - edited ‎03-07-2019 06:51 PM

Hi,

after upgrading switch 2960 with latest ios release (c2960-lanbasek9-mz.150-2.SE5.bin) i have problem with DHCP snooping. These massage pop out:

04264: Mar 25 21:53:09: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/17, vlan 8.([30f7.0dad.a5d9/10.11.8.29/0026.cb33.10ff/10.11.8.1/21:53:09 CET Tue Mar 25 2014])
004265: Mar 25 21:53:11: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/20, vlan 8.([d48c.b527.f1ec/10.11.8.47/0026.cb33.10ff/10.11.8.1/21:53:10 CET Tue Mar 25 2014])
004266: Mar 25 21:53:14: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/24, vlan 3.([c84c.75a9.8bee/10.11.3.6/0000.0000.0000/10.11.3.1/21:53:13 CET Tue Mar 25 2014])

 

2960 switch is connected to distribution switch 4509, and i clear all mac address-table, arp table, clear ip dhcp binding, snooping everything (on boat access and distribution).... shutdown the port, reset switch but i am still receiving those messages.

vlan 8 is voice vlan - cisco phones...

Dhcp server is 4509 distribution switch...

example - port config:

interface FastEthernet0/20
 switchport access vlan 31
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 8
 switchport port-security maximum 3
 switchport port-security
 switchport port-security aging time 10
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 50
 srr-queue bandwidth share 10 10 60 20
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone 
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone

 

Now port is running in "ip arp inspection trust" so user can access network (but that is no solution)....

So what else can I do, how to clear those DHCP_SNOOPING_DENY message?

Regards,

Ivan

Labels:
0 Helpful
1 Reply 1

Ivan Marinovic
Level 1
Level 1

‎03-26-2014 02:04 PM

Just update with other IOS c2960-lanbasek9-mz.150-2.SE4.bin and everything work ok.

Again upgrade to newest one c2960-lanbasek9-mz.150-2.SE5.bin gain same message appears.

 4264: Mar 25 21:53:09: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/17, vlan 8.([30f7.0dad.a5d9/10.11.8.29/0026.cb33.10ff/10.11.8.1/21:53:09 CET Tue Mar 25 2014])
004265: Mar 25 21:53:11: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/20, vlan 8.([d48c.b527.f1ec/10.11.8.47/0026.cb33.10ff/10.11.8.1/21:53:10 CET Tue Mar 25 2014

 

Upgrade to 150-2.SE4.bin and everything work ok...

Strange :-)

 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card