Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Why all packets dropped with %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs error msg for arp inspected vlans for DMZ and Backup

Hi,

We have got cisco 3759 switch where the followign line was configrued only

ip arp inspection vlan 6,100

And on those vlans no arp inspection trust was configrued. DMZ and backup servers were connected on that switch. Switch got restarted wihtin 5 minutes for the power outage and when the swithc came online it was denying all the packets coming through the vlan 100 adn 6 althought it was allowing packets before the power outage.

It took me 30 minutes to find out that arp inspection was enables which might cause the issue, but I am still unsue why it would block all packets for vlan 100 & 6.After taking out the command ' ip arp inspection vlan 6,100' all started working fine.

What is the reason the switch had this issue? Is there any resolution for this? thanks

FYI: The error messages-

0:48:32: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/1, vlan 6.([001e.0b5f.3a8c/220.233.31.177/0000.0000.0000/220.233.31.182/14:48:32 AEST Sun Feb 28 1993])
00:48:33: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 6.([000c.2915.1abe/220.233.31.184/0000.0000.0000/220.233.31.177/14:48:32 AEST Sun Feb 28 1993])
00:48:33: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Gi1/0/1, vlan 6.([001e.0b5f.3a8c/220.233.31.177/0000.0000.0000/220.233.31.178/14:48:33 AEST Sun Feb 28 1993])
00:48:33: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/1, vlan 6.([001e.0b5f.3a8c/220.233.31.177/0000.0000.0000/220.233.31.184/14:48:33 AEST Sun Feb 28 1993])

Regards,

Arman

3 REPLIES
Cisco Employee

Re: Why all packets dropped with %SW_DAI-4-DHCP_SNOOPING_DENY: 1

Hello,

What code version you are running on the switch? Do you have a stack with

cross-stack etherchannel?

Regards,

NT

New Member

Re: Why all packets dropped with %SW_DAI-4-DHCP_SNOOPING_DENY: 1

Code version:

System image file is "flash:c3750-ipservicesk9-mz.122-50.SE3/c3750-ipservicesk9-mz.122-50.SE3.bin"

I don’t have any etherchannel running from the switch. It is connected to vmware machines which are on DMZ.

rgds,

arman

hi Arman. What was the issue

hi Arman. What was the issue ? 

1142
Views
0
Helpful
3
Replies