I think you have the snooping and DAI rightly configured.
Are you sure spanning tree is not forwarding through an unexpected path?
let's see the output of these show commands from Cat1 & Cat2.
sh ip arp inspect int | i Trusted
sh int trunk | i 12|forwarding
sh span vl 12 | i FWD
Your Trusted interswitch trunk should appear in all three if it is
actually forwarding in spanning tree.
On Sat, Jan 28, 2012 at 4:31 PM, Dennis Worth <dennis.worth_at_gmail.com> wrote:
> What does sh ip arp inspection interfaces and sh ip arp inspection log say?
>
> On Fri, Jan 27, 2012 at 11:05 PM, Ben Hughes <bhughes_at_imc.net.au> wrote:
>
>> Hi guys,
>>
>> Can anyone help me with where I'm going wrong regarding DAI? I have the
>> following setup:
>>
>> R1 <-> Cat2 <-> Cat1 <-> R2
>>
>> R1 is a DHCP server and R2 is a DHCP client.
>>
>> I have configured the following on both switches:
>>
>> ip dhcp snoop vlan 12
>> no ip dhcp snooping information option
>> ip dhcp snooping database flash:dhcpsnoo
>> ip dhcp snoop
>> ip arp insp vlan 12
>> ip arp insp validate src-mac dest-mac ip
>>
>> R1's port and interswitch trunks on Cat1 have
>> ip dhcp snoop trust
>>
>> On Cat2 I have the following for R1:
>> arp access-list VL12
>> permit ip host <R1IP> mac host <R1mac> log
>> ip arp inspection filter VL12 vlan 12
>>
>> I can't work out why ARP is still not working. R2 gets an address fine.
>> If I disable ARP inspection on Cat1 everything starts to work. Given that
>> the interswitch trunks have "ip arp inspect trust" and Cat1 has a DHCP
>> snoop binding for R2 I can't see why this doesn t work.
>>
>> Anyone got any ideas for me?
>>
>> cheers,
>> Ben.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Dennis Worth
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
-- -- Olugbenga Oyebande MD, DAIT 234-803-302-5287 http://www.dait-ng.com Cisco Networks, Network Security & Quality of Service DAIT Linux Enterprise Network Servers, Web Portal Projects Broadband Internet Deployment & ISP Consultancy Blogs and organic groups at http://www.ccie.netReceived on Sat Jan 28 2012 - 20:12:13 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:52 ART