Reset Search
 

 

Article

ARP spoof detect does not work about VRRP VIP having version 3

« Go Back

Information

 
TitleARP spoof detect does not work about VRRP VIP having version 3
Symptoms
in case of using VRRP version 3 in VOSS, ARP spoof detect does not work while it works properly with VRRP version 2
 
Environment
Tested by VSP4850, 4450, 8404 with 8.0.7.0, 8.1.1.0, 8.1.2.0.
Cause
Software Defect.
Resolution
Upgrade to 8.1.6.0. 
Additional notes
Test Diagram.

VSP8400 (vlan 100, 1/1)-------------------------------- PC (mac 00:00:00:11:22:44)
                   VIP 2.2.2.1

Logs.

[version 3 case]

BCB-44:1#show ip vrrp address
====================================================================================================
                            VRRP Info - GlobalRouter
====================================================================================================
VRRP ID  P/V      IP              MAC                STATE    CONTROL  PRIO  ADV VERSION
----------------------------------------------------------------------------------------------------
100      100      2.2.2.1         00:00:5e:00:01:64  Master   Enabled  100   1   3       

BCB-44:1#show spoof-detect mac
----------------------------------------------------------------------------------------------------
            Spoof Detect Blocked Mac Address            
----------------------------------------------------------------------------------------------------
PORT             MAC ADDRESS       VLAN ID  
----------------------------------------------------------------------------------------------------

TOTAL BLOCKED MAC:-   0            



[version 2 case]
CP1 [04/14/20 17:11:55.099:KST] 0x000385d7 00000000 GlobalRouter P2IP WARNING Trying to learn duplicate IP address (2.2.2.1) from ethernet address: 00:00:00:11:22:44, this IP address is already in use for VRRP.
CP1 [04/14/20 17:11:55.100:KST] 0x00004682 00000000 GlobalRouter SNMP WARNING Duplicate IP address (2.2.2.1) sent from ethernet address: 00:00:00:11:22:44 on Port: 1/1
CP1 [04/14/20 17:11:55.101:KST] 0x000385ee 00d00001.192 DYNAMIC SET GlobalRouter P2IP WARNING ARP Spoofing detected for Port: 1/1, IfIndex: 2148 Mac: 00:00:00:11:22:44

BCB-44:1(config-if)#show ip vrrp address
====================================================================================================
                            VRRP Info - GlobalRouter
====================================================================================================
VRRP ID  P/V      IP              MAC                STATE    CONTROL  PRIO  ADV VERSION
----------------------------------------------------------------------------------------------------
100      100      2.2.2.1         00:00:5e:00:01:64  Master   Enabled  100   1   2      


BCB-44:1(config-if)#show spoof-detect mac
----------------------------------------------------------------------------------------------------
            Spoof Detect Blocked Mac Address            
----------------------------------------------------------------------------------------------------
PORT             MAC ADDRESS       VLAN ID  
----------------------------------------------------------------------------------------------------
1/1             00:00:00:11:22:44    100              

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255