Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dynamic ARP Inspection Output In Logs-Question


I have configured DHCP Snooping and DAI on one of my 6509's. It appears to be working so this question is about the output in the logs.

Feb  9 12:15:18.986 EST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Res) on Gi7/16, vlan 50.([0018.8b15.d0f5/ EST Tue Feb 9 2010])

I understand the DAI uses the DHCP Snooping binding database to do its job. So if I understand the process right if a port doesn't have a binding in the database DAI restricts the port. So my questions are.

1. According to my logs ther seems to be an address/MAC binding for port Gi7/16 so why is DAI restricting it?

2. When this person connected to this port tries to access the network will they have a network connection?

3. Will this port automatically be added to the DHCP binding database automatically?