Reset Search
 

 

Article

Problem with Dynamic ARP Inspection after software upgrade

« Go Back

Information

 
TitleProblem with Dynamic ARP Inspection after software upgrade
Symptoms
  • After moving from release 5.7 to version 5.12.2, some clients could not receive an IP address from DHCP server. 
  • DHCP snooping together with Dynamic ARP Inspection(DAI) was in use.
  • After upgrade, regardless DAI is disabled or enabled on VLAN, randomly selected DAI Untrusted ports could no receive an IP address. 
  • Changing the port to DAI Trusted solves an issue. 
  • Only non-base unit interfaces are affected.  
Environment
  • Ethernet Routing Switch 4800
  • Software version 5.12.2 
Cause
The issue was seen in one system only, and could not be replicated.

During the investigation, intruder mac address has been caught on the DAI trusted uplink interface, toward DHCP server. The MAC belongs to the Router interface where DHCP relay is configured.

#dbg trace module DHCP level debug
{M46-S0:L5} 0x8b43d00 (tDHCP): 000 02:08:21:417 dhcp_main.c:537 - dhcpMain(): msgID:  DHCP_MSG_PKT_RCV_FROM_IDT
{M46-S0:L4} 0x8b43d00 (tDHCP): 000 02:08:21:417 dhcp_main.c:869 - dhcpProcessPacket(): vid(yyy),unit(x) port(xx)
{M46-S0:L4} 0x8b43d00 (tDHCP): 000 02:08:21:417 dhcp_main.c:1987 - dhcpMacIntruder(): vid(yyy), clientMac(xx-xx-xx-xx-xx-xx)


Above, bold, message appeared every time the client could not receive an IP address.
Resolution
When the issue is visible, please collect the following data and contact Extreme GTAC:
 
#show ip dhcp-snooping
#show ip dhcp-snooping external-save
#show ip dhcp-snooping interface
#show ip dhcp-snooping binding
#show ip dhcp-relay
#show ip arp-inspection
#show ip arp-inspection interface
#show running-config
#show tech
Additional notes
Clearing DHCP Snooping binding table solves the problem. Please note that after clearing binding table, defining a root cause may be not possible.

To clear DHCP binding table use the following command:
 
#clear ip dhcp-snooping binding

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255