RE: DHCP Snooping Issue from Roy Khan on 2011-06-12 (Ccielab archives 06/2011)

From: Roy Khan <roykhan123_at_hotmail.com>
Date: Sun, 12 Jun 2011 21:32:31 +0600

Yes I already tried IP arp dhcp trust command on that interface
and then its pinging but as our policy we are not allowed to do this command
on the users ports.

the port g2/18 the Windows Machine is connected. there is Firewall between
users and DHCP server.

Is some application installed in the machine cause this issue I saw this issue
and application was the cause...

Date: Sun, 12 Jun 2011 16:14:58 +0100
Subject: Re: DHCP Snooping Issue
From: sadiqtanko_at_gmail.com
To: roykhan123_at_hotmail.com
CC: ccielab_at_groupstudy.com

Whats connected to g2/18?

Can you show the output of "show ip dhcp snooping binding (all)".

I suspect you have a device that is connected to the port. The device has is
probably not configured for dhcp. This means the device is trying to arp.
Since the switch does not know this device in its snoop binding table, its
denying the ARP frames.

If my guess is right, you need to configure the device to do DHCP or configure
the port as a trust port for both DHCP and ARP to solve the problem.

HTH
Sadiq

On Sun, Jun 12, 2011 at 4:01 PM, <roykhan123_at_hotmail.com> wrote:

Dear All,

I am facing problem in my network is that i am getting DHCP snooping Deny log

messages continue in my switches. I knows that how dhcp snooping is working
but

i do not knows why this is appearing in the switch, when there is no dhcp

server connected that ports and every thing is working fine.

%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi2/18, vlan

20.([0022.5ac1.202a/10.1.1.1/0000.0000.0000/10.0.176.16/17:38:05 AST Sun Jun
12

2011])

1. Is this because of Virus. that cause the machine to generate this error. I

saw this problem before there was a virus.

2. I dont knows about the servers may be some services is running inside the

server that cause the server to generate this request Or some thing else

Note some there is no virus on the machine and still this error is occur on
the

machine... I really do not Why this happening and how i fix this issue.

Currently I am getting this message and there is no issue with the Machine it

self

Port configuration

interface GigabitEthernet2/9

switchport

switchport access vlan 19

switchport mode access

switchport voice vlan 16

ip arp inspection limit rate 128

no ip address

spanning-tree portfast

spanning-tree bpduguard enable

end

ip dhcp snooping

ip dhcp snooping vlan 19,16

kindly advise

Take care

Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 12 2011 - 21:32:31 ART

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART