Problems with DAI
creamy_stew
Member Posts: 406 ■■■□□□□□□□
in CCNP
I'm having problems with DAI on a 2960. After reloading the switch, windows clients are able to continue using their dhcp address. However a Linksys wrt54gl running dd-wrt invariably fails to reconnect. I can't even see a mac on the port until i reboot the Linksys.
In the log I see this:
May 14 17:46:06.688: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/9, vlan 1.([687f.7410.6913/10.10.10.4/0000.0000.0000/10.10.10.1/17:46:06 berlin Fri May 14 2010])
Where 10.10.10.4 is the linksys and 10.10.10.1 is the default router (c1812). What's causing the Linksys to have problems, while a Win 7 client works?
This is for a real world project, so I need to solve this before going live.
edit:typos
In the log I see this:
May 14 17:46:06.688: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/9, vlan 1.([687f.7410.6913/10.10.10.4/0000.0000.0000/10.10.10.1/17:46:06 berlin Fri May 14 2010])
Where 10.10.10.4 is the linksys and 10.10.10.1 is the default router (c1812). What's causing the Linksys to have problems, while a Win 7 client works?
This is for a real world project, so I need to solve this before going live.
edit:typos
Comments
-
creamy_stew Member Posts: 406 ■■■□□□□□□□Curioser and curioser. As far as I can tell, this is simply DAI saying that there is no DHCP snooping binding. Until I enabled DAI, DHCP snooping with ip source guard seemed to work ok, though the Linksys still took more time to start working than the Win 7 client.
-
jeanathan Member Posts: 163Quick answer is that I don't know.
However, I did a lab on DAI and IP source gaurd on a 3550. And the all 0's mac address0000.0000.0000
Which is to say in my case, and I assume your's, by having the linksys do the DHCP it causes a problem that DAI cannot register a MAC address for the linksys.
I don't know why, I do knowThe 0000.0000.0000 indicates that the router/switch is currently unaware of the MAC address...
You might try the same lab with a Server 2003/ Linux dhcp and see what happens, I never fully figured the issue out as I was pressing myself in other areas.Struggling through the re-certification process after 2 years of no OJT for the CCNP. -
creamy_stew Member Posts: 406 ■■■□□□□□□□I was starting to think I was the only one running into this
This has got to be a known quirk.
Just to be clear: the Linksys and the Win7 are the dhcp clients. The c1812 is both default gateway and dhcp server in my lab.
In the live implemenation the default gw would be an 6500/hsrp which would be handing out public ip:s. -
jeanathan Member Posts: 163creamy_stew wrote: »I was starting to think I was the only one running into this
This has got to be a known quirk.
Just to be clear: the Linksys and the Win7 are the dhcp clients. The c1812 is both default gateway and dhcp server in my lab.
In the live implemenation the default gw would be an 6500/hsrp which would be handing out public ip:s.
Huh ok I see I was using linksys for dhcp and I thought that was my culprit, but you are using a cisco 1812 and have the same issue. Strange, I had hsrp running on my 2 3550's that I implemented DAI on. Might be a connect there, but kind of grasping at straws (needle in a haystack).Struggling through the re-certification process after 2 years of no OJT for the CCNP. -
creamy_stew Member Posts: 406 ■■■□□□□□□□Well I'm not running hsrp on anything, so thats probably not it.
Interesting though, that we both experience all-zeros-mac-problems which some how seem related to DAI.