eXPlosionas

Invalid ARP

4 posts in this topic

Let's say there is a client router connected to switch port G1/0/6. But the command on the switch "show mac address table int G1/0/6" shows nothing. The command "sh ip dhcp snooping binding int G1/0/6" also shows nothing. So I do not see the router's MAC or IP address on that port. Then I run the command "no ip verify source port-security" and I see the router's MAC with the "sh mac address table" command, but I still do not see the router's IP with "dhcp snooping".

Then the following lines appear in the logs:

Aug 1 07:08:18.434 EEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/6, vlan 376.([0024.a534.55f3/192.168.0.100/001b.0dff.5e00/192.168.0.1/07:08:18
It seems like the router got a private IP address from a rogue DHCP server which is on the same VLAN.
The question then is why "ip dhcp snooping binding" doesn't show this private IP address 192.168.0.100.
Because it is not in the DHCP snooping database, the switch doesn't accept packets from this router (because of the "ip verify source port-security" command), and that's why the router's MAC address also isn't in the MAC address table before I used the command "no ip verify source port-security". Am I right?
I have more examples of the same ARP problem.

Here is the basic scheme:

(our) Switch --- (client) Router (ip xxx.xxx.56.159, gateway xxx.xxx.56.190) --- (client) PC (ip 192.168.0.101, gateway 192.168.0.1)

Examples from the switch log:

Mar 25 23:26:43.227 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:43 GMT Thu Mar 25 2015])
Mar 25 23:26:44.234 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:43 GMT Thu Mar 25 2015])
Mar 25 23:26:45.240 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([ccaf.7843.xxxx/192.168.0.101/0000.0000.0000/xxx.xxx.56.190/23:26:44 GMT Thu Mar 25 2015])
Mar 25 23:33:52.508 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, vlan 349.([344d.f73e.xxxx/192.168.0.103/0000.0000.0000/192.168.0.1/23:33:51 GMT Thu Mar 25 2015])
The last line is clear. A computer was connected to the router, got the IP address 192.168.0.103 and the gateway 192.168.0.1 (the client's router), and then the client's cable was plugged into a LAN port on the router instead of the WAN port, and that's why the switch logged an invalid ARP request.
But the first three lines are not clear. How did the computer get a private IP address from the client's router and also the default gateway xxx.xxx.56.190, which is the gateway of the router? Did the router somehow tell the PC to use gateway xxx.xxx.56.190, and then the main cable between the switch and the router was also plugged into the router's LAN port?
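Both posts above come down to the same mechanism: on an untrusted port, Dynamic ARP Inspection (DAI) and IP Source Guard ("ip verify source", with the "port-security" keyword also matching the source MAC) only accept hosts that have an entry in the DHCP snooping binding table, and a host whose lease was handed out on the client's own LAN never creates such an entry. The following Python is an added example, not code from the thread or from any Cisco tool: it parses the %SW_DAI-4 log format shown in both posts and replays the two verdicts against a constructed binding table. The binding entries, the trusted port, the sample log lines (modelled on the thread's, with constructed MACs and RFC 5737 addresses where the originals were masked) and the function names are all assumptions made for the example.

```python
"""Model of how a switch's DHCP snooping binding table drives DAI and
IP Source Guard decisions, plus a parser for the %SW_DAI-4 log lines
seen in the thread.  Added example; every value below is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed binding table, one tuple per line of "show ip dhcp snooping
# binding": (MAC, IP, VLAN, interface).  The client router's private address
# 192.168.0.100 is deliberately absent: it was leased on the client's own LAN
# and never passed through the switch, so snooping could not learn it.
BINDINGS = [
    ("aaaa.bbbb.cccc", "198.51.100.20", 376, "Gi1/0/9"),  # constructed legit host
]
TRUSTED_PORTS = {"Gi1/0/1"}  # constructed uplink toward the real DHCP server

# Sample lines, constructed in the exact layout of the thread's log output:
# [sender MAC/sender IP/target MAC/target IP/timestamp]
SAMPLE_LOGS = [
    "Aug 1 07:08:18.434 EEST: %SW_DAI-4-INVALID_ARP: 1 Invalid ARPs (Req) on Gi1/0/6, "
    "vlan 376.([0024.a534.55f3/192.168.0.100/001b.0dff.5e00/192.168.0.1/07:08:18 EEST])",
    "Mar 25 23:33:52.508 GMT: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/3, "
    "vlan 349.([344d.f73e.0001/192.168.0.103/0000.0000.0000/192.168.0.1/23:33:51 GMT Thu Mar 25 2015])",
]

LOG_RE = re.compile(
    r"%SW_DAI-4-(?P<mnemonic>\w+): (?P<count>\d+) Invalid ARPs \((?P<kind>Req|Res)\) "
    r"on (?P<port>[^,]+), vlan (?P<vlan>\d+)\.\(\["
    r"(?P<smac>[0-9a-f.]+)/(?P<sip>[\d.]+)/(?P<tmac>[0-9a-f.]+)/(?P<tip>[\d.]+)/(?P<when>[^\]]*)"
)


@dataclass(frozen=True)
class DaiEvent:
    mnemonic: str
    port: str
    vlan: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def parse_dai_log(line: str) -> DaiEvent | None:
    """Extract the fields DAI logs for a dropped ARP; None if not a DAI line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return DaiEvent(m["mnemonic"], m["port"], int(m["vlan"]),
                    m["smac"], m["sip"], m["tmac"], m["tip"])


def find_binding(mac: str, ip: str, vlan: int, bindings=BINDINGS) -> str | None:
    """Return the bound interface for a MAC/IP/VLAN triple, or None."""
    for b_mac, b_ip, b_vlan, b_port in bindings:
        if (b_mac, b_ip, b_vlan) == (mac, ip, vlan):
            return b_port
    return None


def dai_verdict(event: DaiEvent, bindings=BINDINGS, trusted=TRUSTED_PORTS) -> tuple[str, str]:
    """DAI: ARP on a trusted port is not inspected; on an untrusted port the
    sender MAC/IP pair must match a binding on that VLAN, otherwise it is
    dropped and logged exactly like the thread's %SW_DAI-4 lines."""
    if event.port in trusted:
        return ("permit", "trusted port, not inspected")
    if find_binding(event.sender_mac, event.sender_ip, event.vlan, bindings):
        return ("permit", "sender matches a DHCP snooping binding")
    return ("deny", f"no binding for {event.sender_mac}/{event.sender_ip} on vlan {event.vlan}")


def ip_source_guard_verdict(src_mac: str, src_ip: str, vlan: int, port: str,
                            port_security: bool = True, bindings=BINDINGS) -> tuple[str, str]:
    """IP Source Guard on an untrusted port: IP traffic is allowed only from a
    source IP bound on that port/VLAN; with the port-security keyword the
    source MAC must match too, which is why an unbound host's MAC never even
    shows up in the MAC address table until the feature is removed."""
    for b_mac, b_ip, b_vlan, b_port in bindings:
        if (b_port, b_vlan, b_ip) != (port, vlan, src_ip):
            continue
        if not port_security or b_mac == src_mac:
            return ("permit", f"{src_ip} bound on {port}")
        return ("deny", f"{src_ip} bound on {port} but to {b_mac}, not {src_mac}")
    return ("deny", f"{src_ip} has no binding on {port}")


def audit(lines=SAMPLE_LOGS) -> list[tuple[DaiEvent, str, str]]:
    """Replay every parseable DAI log line against the binding table."""
    out = []
    for line in lines:
        ev = parse_dai_log(line)
        if ev:
            out.append((ev, *dai_verdict(ev)))
    return out


if __name__ == "__main__":
    for ev, verdict, why in audit():
        print(f"{ev.port} vlan {ev.vlan} {ev.sender_mac}/{ev.sender_ip}: {verdict} ({why})")
```

Running it reproduces the thread: both sample lines are denied because neither 192.168.0.100 nor 192.168.0.103 is in the binding table, and with `port_security=True` the router's MAC is rejected before the switch would learn it, matching what the first post observed before removing "ip verify source port-security".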
