

Invalid ARP


3 replies to this topic

#1 eXPlosionas


Posted 05 August 2014 - 10:55 PM

Let's say there is a client router connected on switch port G1/0/6. But the command "show mac address table int G1/0/6" on the switch shows nothing. The command "sh ip dhcp snooping binding int G1/0/6" also shows nothing. So I do not see the router's MAC or IP address on that port. Then I run the command "no ip verify source port-security" and I see the router's MAC with the "sh mac address table" command, but I do not see the router's IP with "dhcp snooping".

Then the following lines appear in the logs:

Aug  1 07:08:18.434 EEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/6, vlan 376.([0024.a534.55f3/192.168.0.100/001b.0dff.5e00/192.168.0.1/07:08:18

It seems like the router got a private IP address from a rogue DHCP which is on the same VLAN.
The question then is why "ip dhcp snooping binding" doesn't show this private IP address 192.168.0.100.
Because it is not in the DHCP snooping database, the switch doesn't accept packets from this router (because of the ip verify source port-security command), and that's why the router's MAC address also isn't in the MAC address table before I used the command "no ip verify source port-security". Am I right?


#2 MarkinManchester


Posted 06 August 2014 - 10:50 PM

I think this is a good description of what you are experiencing: https://supportforum...ing-dynamic-arp



#3 eXPlosionas


Posted 07 August 2014 - 05:40 PM

Yes, but that doesn't answer my questions



#4 eXPlosionas


Posted 27 March 2015 - 10:30 PM

I have more examples of the same ARP problem.

Here is the basic scheme:

(our) Switch --- (client) Router (ip xxx.xxx.56.159, gateway xxx.xxx.56.190) --- (client) PC (ip 192.168.0.101, gateway 192.168.0.1)

 

Examples from the switch log:

Mar 25 23:26:43.227 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:43 GMT Thu Mar 25 2015])
Mar 25 23:26:44.234 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:43 GMT Thu Mar 25 2015])
Mar 25 23:26:45.240 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:44 GMT Thu Mar 25 2015])
Mar 25 23:33:52.508 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([344d.f73e.xxxx/192.168.0.103/0000.0000.0000/192.168.0.1/23:33:51 GMT Thu Mar 25 2015])
 
The last line is clear. The computer was connected to the router, got the IP address 192.168.0.103 and gateway 192.168.0.1 (the client's router), and then the client's cable was plugged into a LAN port on the router, not into the WAN port, and that's why the switch logged an invalid ARP request.
But the first three lines are not clear. How did the computer get a private IP address from the client's router and also the default gateway xxx.xxx.56.190, which is the gateway of the router? The router somehow told the PC to use gateway xxx.xxx.56.190 and then the main cable between the switch and the router was also plugged into the router's LAN port?


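For triaging log lines like the ones quoted in this thread, here is an added example (not written by any of the posters) that parses %SW_DAI-4 drop messages into sender MAC / sender IP / target MAC / target IP and marks whether the sender and target addresses are RFC 1918, which separates the two cases in the last post. The sample lines are constructed: the MAC suffixes and 203.0.113.190 are placeholders for the values redacted in the thread.

```python
import ipaddress
import re
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Field order inside ([...]): sender MAC / sender IP / target MAC / target IP / time.
DAI_RE = re.compile(
    r"%SW_DAI-4-(?P<reason>[A-Z_]+): \d+ Invalid ARPs \((?P<op>Req|Res)\) "
    r"on (?P<port>\S+), vlan (?P<vlan>\d+)\.\(\["
    r"(?P<smac>[0-9a-f.]+)/(?P<sip>[\d.]+)/(?P<tmac>[0-9a-f.]+)/(?P<tip>[\d.]+)/"
)

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def parse_dai(line):
    """Return the ARP fields of one DAI drop message as a dict, or None if no match."""
    m = DAI_RE.search(line)
    if not m:
        return None  # other syslog messages, or lines with redacted (xxx) addresses
    ev = m.groupdict()
    ev["vlan"] = int(ev["vlan"])
    ev["sender_private"] = is_rfc1918(ev["sip"])
    ev["target_private"] = is_rfc1918(ev["tip"])
    return ev

def summarize(lines):
    """Count drops per (port, sender MAC, sender IP, target IP) to collapse repeats."""
    counts = Counter()
    for ev in filter(None, map(parse_dai, lines)):
        counts[(ev["port"], ev["smac"], ev["sip"], ev["tip"])] += 1
    return counts

# Constructed sample lines modelled on the thread's logs (placeholder MACs and public IP).
SAMPLE = [
    "Mar 25 23:26:43.227 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.0001/192.168.0.101/0000.0000.0000/203.0.113.190/23:26:43 GMT Thu Mar 25 2015])",
    "Mar 25 23:26:44.234 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.0001/192.168.0.101/0000.0000.0000/203.0.113.190/23:26:43 GMT Thu Mar 25 2015])",
    "Mar 25 23:33:52.508 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([344d.f73e.0002/192.168.0.103/0000.0000.0000/192.168.0.1/23:33:51 GMT Thu Mar 25 2015])",
    "Mar 25 23:40:00.000 GMT: %LINK-3-UPDOWN: Interface Gi1/0/3, changed state to up",
]

if __name__ == "__main__":
    for (port, smac, sip, tip), n in summarize(SAMPLE).items():
        print(f"{port} {smac} sender={sip} target={tip} drops={n}")
```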



