RE: DHCP Snooping Issue

From: Andrew LaPorte <andy_at_cloud9.net>
Date: Sun, 12 Jun 2011 11:23:35 -0400

I'm not 100% sure this is why you are getting the messages you have, but are
you running option 82 with DHCP snooping?

This option seems to keep a database of DHCP information, and if something
happens that does not match, it produces an error.

I would only worry about this if something was not working correctly. As
for a virus, when a virus runs a DHCP server on an infected machine it does
DHCP replies/offers to requests. Snooping will block DHCP offers on
untrusted ports.

I hope this helps. I just implemented Snooping last week due to an infected
machine running a DHCP server. That infected machine was giving out
incorrect DNS entries.

Oh, one other thing: DHCP Snooping with option 82 will not allow a Cisco
ASA/PIX to run as a DHCP server. I found that out after turning on Snooping.

Andy

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
roykhan123_at_hotmail.com
Sent: Sunday, June 12, 2011 11:02 AM
To: ccielab_at_groupstudy.com
Subject: DHCP Snooping Issue

Dear All,

I am facing a problem in my network: I am getting DHCP snooping Deny
log messages continuously in my switches. I know how DHCP snooping
works, but I do not know why this is appearing in the switch, when there
is no DHCP server connected to those ports and everything is working fine.

%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/18, vlan 20.([0022.5ac1.202a/10.1.1.1/0000.0000.0000/10.0.176.16/17:38:05 AST Sun Jun 12 2011])

1. Is this because of a virus that causes the machine to generate this error?
I saw this problem before, when there was a virus.
2. I don't know about the servers; maybe some service is running inside
the server that causes the server to generate this request, or something else.

Note: there is no virus on the machine and still this error occurs on
the machine... I really do not know why this is happening and how I fix this issue.

Currently I am getting this message and there is no issue with the machine
itself.

Port configuration

interface GigabitEthernet2/9
 switchport
 switchport access vlan 19
 switchport mode access
 switchport voice vlan 16
 ip arp inspection limit rate 128
 no ip address
 spanning-tree portfast
 spanning-tree bpduguard enable
end
!
ip dhcp snooping
ip dhcp snooping vlan 19,16
!

kindly advise

Take care

Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 12 2011 - 11:23:35 ART

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART
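The message quoted in the original post is a Dynamic ARP Inspection (DAI) log rather than a DHCP snooping one: DAI validates the sender MAC/IP of ARP packets arriving on untrusted ports against the DHCP snooping binding table and logs %SW_DAI-4-DHCP_SNOOPING_DENY when the pair has no matching binding (for example a host with a statically configured address that never obtained a lease, or a host spoofing an address). As an added example that is not part of the thread, the Python below parses such log lines together with `show ip dhcp snooping binding` output and reports, per denied ARP, whether the sender MAC has no binding at all in that VLAN or has a binding for a different IP. The first log line is the one from the thread; the syslog prefixes, the second log line and the whole binding table are constructed sample data. The `ip source binding` command it prints is the IOS static-binding syntax and should only be applied once the host is confirmed legitimate, since the thread's own concern is a rogue or infected host.

```python
import re
from dataclasses import dataclass

# Cisco IOS DAI deny message, as seen in the thread.  The bracketed fields are
# sender MAC / sender IP / target MAC / target IP / timestamp.
DAI_DENY_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY:\s+(?P<count>\d+)\s+Invalid ARPs\s+"
    r"\((?P<kind>\w+)\)\s+on\s+(?P<intf>\S+),\s+vlan\s+(?P<vlan>\d+)\.\(\["
    r"(?P<smac>[0-9a-fA-F.]+)/(?P<sip>[\d.]+)/(?P<tmac>[0-9a-fA-F.]+)/"
    r"(?P<tip>[\d.]+)/(?P<ts>[^\]]+)\]\)"
)

# One data row of 'show ip dhcp snooping binding'.  Header, separator and the
# "Total number of bindings" line contain characters outside the MAC class.
BINDING_ROW_RE = re.compile(
    r"^(?P<mac>[0-9A-Fa-f:.]{12,17})\s+(?P<ip>[\d.]+)\s+(?P<lease>\S+)\s+"
    r"(?P<type>\S+)\s+(?P<vlan>\d+)\s+(?P<intf>\S+)\s*$"
)


@dataclass(frozen=True)
class DaiDeny:
    count: int
    kind: str          # Req or Res
    intf: str
    vlan: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str
    timestamp: str


def norm_mac(mac):
    """Normalise 00:22:5A:C1:20:2A or 0022.5ac1.202a to dotted lower-case."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def parse_dai_deny(line):
    """Return a DaiDeny for a DAI deny syslog line, or None for other lines."""
    m = DAI_DENY_RE.search(line)
    if not m:
        return None
    return DaiDeny(int(m["count"]), m["kind"], m["intf"], int(m["vlan"]),
                   norm_mac(m["smac"]), m["sip"], norm_mac(m["tmac"]),
                   m["tip"], m["ts"].strip())


def parse_binding_table(text):
    """Map (vlan, mac) -> (ip, interface) from 'show ip dhcp snooping binding'."""
    bindings = {}
    for line in text.splitlines():
        m = BINDING_ROW_RE.match(line.strip())
        if m:
            bindings[(int(m["vlan"]), norm_mac(m["mac"]))] = (m["ip"], m["intf"])
    return bindings


def classify(deny, bindings):
    """Explain why DAI had no matching binding for the denied ARP."""
    key = (deny.vlan, deny.sender_mac)
    if key not in bindings:
        return "no-binding"       # never leased in this VLAN: static host or spoofed MAC
    bound_ip, _ = bindings[key]
    if bound_ip != deny.sender_ip:
        return "ip-mismatch"      # MAC has a lease but the ARP claims another sender IP
    return "binding-matches"      # should not be denied; look at trust state / ARP ACLs


def static_binding_cmd(deny):
    """IOS global-config command that would make DAI accept this sender pair."""
    return (f"ip source binding {deny.sender_mac} vlan {deny.vlan} "
            f"{deny.sender_ip} interface {deny.intf}")


def summarize(log_text, binding_text):
    """Return [(DaiDeny, verdict)] for every DAI deny line in log_text."""
    bindings = parse_binding_table(binding_text)
    return [(d, classify(d, bindings))
            for d in map(parse_dai_deny, log_text.splitlines()) if d is not None]


# Constructed sample input: line 1 is the message from the thread (with a made-up
# syslog prefix); line 2 and the binding table are invented for the example.
SAMPLE_LOG = """\
Jun 12 17:38:05.123 AST: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/18, vlan 20.([0022.5ac1.202a/10.1.1.1/0000.0000.0000/10.0.176.16/17:38:05 AST Sun Jun 12 2011])
Jun 12 17:39:11.004 AST: %SW_DAI-4-DHCP_SNOOPING_DENY: 3 Invalid ARPs (Res) on Gi2/9, vlan 19.([0011.2233.4455/10.0.19.7/0022.5ac1.202a/10.0.19.1/17:39:11 AST Sun Jun 12 2011])
Jun 12 17:40:00.000 AST: %SYS-5-CONFIG_I: Configured from console by admin
"""

SAMPLE_BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:22:5A:C1:20:2A   10.0.176.25      86400       dhcp-snooping  20    GigabitEthernet2/18
00:AA:BB:CC:DD:EE   10.0.19.50       86400       dhcp-snooping  19    GigabitEthernet2/9
Total number of bindings: 2
"""

if __name__ == "__main__":
    for deny, verdict in summarize(SAMPLE_LOG, SAMPLE_BINDINGS):
        print(f"{deny.intf} vlan {deny.vlan} {deny.sender_mac}/{deny.sender_ip}: {verdict}")
        if verdict != "binding-matches":
            print("  if the host is legitimate:", static_binding_cmd(deny))
```

Run it against `show logging` and `show ip dhcp snooping binding` output pasted into the two strings; an "ip-mismatch" verdict for a MAC that does hold a lease is the case worth investigating first, because the host is answering ARP for an address the switch never leased to it.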