ARP Validation Question
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-13-2018 04:51 PM
I am attempting to configure dhcp-snooping with arp validation on a lab X450e-24p. DHCP snooping seems to work fine, I configure a trusted port (24) where the DHCP server is reached off of.
When I configure arp validation, I begin to get errors related to the default gateway of the network.
An ARP violation was detected on vlan port 24 violating IP violating MAC violation type Invalid IP-MAC Binding
I'm presuming this is because the gateway does not DHCP so a binding is never learned. Is the solution to this to create a static entry with this command:
"configure ip-security dhcp-bindings add"
Am I thinking of this correctly, is there any other technique?
When I configure arp validation, I begin to get errors related to the default gateway of the network.
An ARP violation was detected on vlan
I'm presuming this is because the gateway does not DHCP so a binding is never learned. Is the solution to this to create a static entry with this command:
"configure ip-security dhcp-bindings add"
Am I thinking of this correctly, is there any other technique?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-16-2018 11:42 AM
From the documentation: If configured for DHCP snooping, the switch snoops DHCP packets on the indicated ports and builds a DHCP bindings database of IP address and MAC address bindings from the received packets.
I think is may be that a trusted dhcp server is not set in the configuration. The switch or router ne to trust a server or a port that responds to the dhcp requests.
Example: configure trusted-servers vlan120 add server ip_address trust-for dhcp-server
Could please show us the ip-security dhcp-snooping configuration so that we can have more info to t-shoot the issue?
Thank you!
I think is may be that a trusted dhcp server is not set in the configuration. The switch or router ne to trust a server or a port that responds to the dhcp requests.
Example: configure trusted-servers vlan120 add server ip_address trust-for dhcp-server
Could please show us the ip-security dhcp-snooping configuration so that we can have more info to t-shoot the issue?
Thank you!
