Problems with DAI

I'm having problems with DAI on a 2960. After reloading the switch, windows clients are able to continue using their dhcp address. However a Linksys wrt54gl running dd-wrt invariably fails to reconnect. I can't even see a mac on the port until i reboot the Linksys.

In the log I see this:
May 14 17:46:06.688: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/9, vlan 1.([687f.7410.6913/10.10.10.4/0000.0000.0000/10.10.10.1/17:46:06 berlin Fri May 14 2010])

Where 10.10.10.4 is the linksys and 10.10.10.1 is the default router (c1812). What's causing the Linksys to have problems, while a Win 7 client works?

This is for a real world project, so I need to solve this before going live.

edit:typos

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

creamy_stew

Curioser and curioser. As far as I can tell, this is simply DAI saying that there is no DHCP snooping binding. Until I enabled DAI, DHCP snooping with ip source guard seemed to work ok, though the Linksys still took more time to start working than the Win 7 client.

jeanathan

Quick answer is that I don't know.

However, I did a lab on DAI and IP source gaurd on a 3550. And the all 0's mac address

0000.0000.0000

ended up being my problem.

Which is to say in my case, and I assume your's, by having the linksys do the DHCP it causes a problem that DAI cannot register a MAC address for the linksys.

I don't know why, I do know

The 0000.0000.0000 indicates that the router/switch is currently unaware of the MAC address...

via Cisco learning forums.

You might try the same lab with a Server 2003/ Linux dhcp and see what happens, I never fully figured the issue out as I was pressing myself in other areas.

creamy_stew

I was starting to think I was the only one running into this

This has got to be a known quirk.

Just to be clear: the Linksys and the Win7 are the dhcp clients. The c1812 is both default gateway and dhcp server in my lab.

In the live implemenation the default gw would be an 6500/hsrp which would be handing out public ip:s.

jeanathan

creamy_stew wrote: »

I was starting to think I was the only one running into this

This has got to be a known quirk.

Just to be clear: the Linksys and the Win7 are the dhcp clients. The c1812 is both default gateway and dhcp server in my lab.

In the live implemenation the default gw would be an 6500/hsrp which would be handing out public ip:s.

Huh ok I see I was using linksys for dhcp and I thought that was my culprit, but you are using a cisco 1812 and have the same issue. Strange, I had hsrp running on my 2 3550's that I implemented DAI on. Might be a connect there, but kind of grasping at straws (needle in a haystack).

creamy_stew

Well I'm not running hsrp on anything, so thats probably not it.

Interesting though, that we both experience all-zeros-mac-problems which some how seem related to DAI.