Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs

Hi,

after upgrading switch 2960 with latest ios release (c2960-lanbasek9-mz.150-2.SE5.bin) i have problem with DHCP snooping. These massage pop out:

04264: Mar 25 21:53:09: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/17, vlan 8.([30f7.0dad.a5d9/10.11.8.29/0026.cb33.10ff/10.11.8.1/21:53:09 CET Tue Mar 25 2014])
004265: Mar 25 21:53:11: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/20, vlan 8.([d48c.b527.f1ec/10.11.8.47/0026.cb33.10ff/10.11.8.1/21:53:10 CET Tue Mar 25 2014])
004266: Mar 25 21:53:14: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/24, vlan 3.([c84c.75a9.8bee/10.11.3.6/0000.0000.0000/10.11.3.1/21:53:13 CET Tue Mar 25 2014])

 

2960 switch is connected to distribution switch 4509, and i clear all mac address-table, arp table, clear ip dhcp binding, snooping everything (on boat access and distribution).... shutdown the port, reset switch but i am still receiving those messages.

vlan 8 is voice vlan - cisco phones...

Dhcp server is 4509 distribution switch...

example - port config:

interface FastEthernet0/20
 switchport access vlan 31
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 8
 switchport port-security maximum 3
 switchport port-security
 switchport port-security aging time 10
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 50
 srr-queue bandwidth share 10 10 60 20
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone 
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone

 

Now port is running in "ip arp inspection trust" so user can access network (but that is no solution)....

So what else can I do, how to clear those DHCP_SNOOPING_DENY message?

Regards,

Ivan

  • LAN Switching and Routing
1 REPLY
New Member

Just update with other IOS

Just update with other IOS c2960-lanbasek9-mz.150-2.SE4.bin and everything work ok.

Again upgrade to newest one c2960-lanbasek9-mz.150-2.SE5.bin gain same message appears.

 4264: Mar 25 21:53:09: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/17, vlan 8.([30f7.0dad.a5d9/10.11.8.29/0026.cb33.10ff/10.11.8.1/21:53:09 CET Tue Mar 25 2014])
004265: Mar 25 21:53:11: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Fa0/20, vlan 8.([d48c.b527.f1ec/10.11.8.47/0026.cb33.10ff/10.11.8.1/21:53:10 CET Tue Mar 25 2014

 

Upgrade to 150-2.SE4.bin and everything work ok...

Strange :-)

 

2027
Views
5
Helpful
1
Replies