Both ARP inspection and source-guard are enabled.
If I move a device from one port to another (in the example, from 16 to 14), in theory it should delete the lease on port 16 and get a lease via snooping on port 14? The DHCP address does reach the device, but the snooping database has not been updated. The lease for the device is still stuck on port 16. As a result, ARP inspection blocks the device.
What could be wrong?
Code:
ip dhcp relay address 192.168.255.1
ip dhcp relay enable
ip dhcp relay information option suboption-type custom
ip dhcp relay information option format-type remote-id 10.10.10.1
ip dhcp snooping
ip dhcp snooping database
ip dhcp snooping vlan XXX
!
ip arp inspection
ip arp inspection vlan XXX
ip source-guard
!
loopback-detection enable
loopback-detection mode multicast-mac-addr
!
logging console errors
!
interface fastethernet 1/0/14
ip source-guard
loopback-detection enable
switchport access vlan XXX
bridge multicast unregistered filtering
storm-control broadcast enable
storm-control broadcast level kbps 100
storm-control multicast enable
storm-control multicast level kbps 100
storm-control broadcast shutdown
port security mode max-addresses
port security discard
spanning-tree disable
spanning-tree portfast
spanning-tree cost 2000000
spanning-tree bpdu filtering
spanning-tree bpduguard enable
spanning-tree restricted-tcn
rate-limit 100000 256000
traffic-shape 100000 256000
switchport access multicast-tv vlan YYY
multicast snooping add iptv2
multicast snooping max-groups 3
exit
!
interface fastethernet 1/0/16
ip source-guard
loopback-detection enable
switchport access vlan XXX
bridge multicast unregistered filtering
shutdown
storm-control broadcast enable
storm-control broadcast level kbps 100
storm-control multicast enable
storm-control multicast level kbps 100
storm-control broadcast shutdown
port security mode max-addresses
port security discard
spanning-tree disable
spanning-tree portfast
spanning-tree cost 2000000
spanning-tree bpdu filtering
spanning-tree bpduguard enable
spanning-tree restricted-tcn
rate-limit 100000 256000
traffic-shape 100000 256000
switchport access multicast-tv vlan YYY
multicast snooping add iptv2
multicast snooping max-groups 3
exit
!
Code:
sh ip dhcp snoop bind
Total number of binding: 2
MAC Address        IP Address      Lease (sec)  Type       VLAN Interface
------------------ --------------- ------------ ---------- ---- ----------
2c:fd:a1:aa:bd:05  100.64.1.130    73626        learned    420  fa1/0/5
b0:6e:bf:75:9a:d0  100.64.1.129    63173        learned    420  fa1/0/16
Code:
29-Mar-2019 15:17:42 :%ARPINSP-I-PCKTLOG: ARP packet dropped from port fa1/0/14 with VLAN tag XXX and reason: packet verification failed
SRC MAC b0:6e:bf:75:9a:d0 SRC IP 100.64.1.129 DST MAC 40:55:39:85:aa:c7 DST IP 100.64.255.254
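
The comparison described above, as an added example that is not part of the original post: it parses the binding table and the ARP inspection log entry quoted in the post and labels each drop by how it disagrees with the table. The function names and verdict labels are assumptions made for this example.

```python
import re

# Sample data copied from the post above (binding table and syslog entry).
BINDINGS = """\
MAC Address        IP Address      Lease (sec)  Type       VLAN Interface
------------------ --------------- ------------ ---------- ---- ----------
2c:fd:a1:aa:bd:05  100.64.1.130    73626        learned    420  fa1/0/5
b0:6e:bf:75:9a:d0  100.64.1.129    63173        learned    420  fa1/0/16
"""
LOG = """\
29-Mar-2019 15:17:42 :%ARPINSP-I-PCKTLOG: ARP packet dropped from port fa1/0/14 with VLAN tag XXX and reason: packet verification failed
SRC MAC b0:6e:bf:75:9a:d0 SRC IP 100.64.1.129 DST MAC 40:55:39:85:aa:c7 DST IP 100.64.255.254
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
BIND_RE = re.compile(
    rf"^({MAC})\s+(\d+(?:\.\d+){{3}})\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s*$", re.I | re.M)
DROP_RE = re.compile(
    rf"%ARPINSP-I-PCKTLOG: ARP packet dropped from port (\S+) .*?\n?\s*SRC MAC ({MAC}) SRC IP (\S+)", re.I)

def parse_bindings(text):
    """Return {mac: (ip, interface)} from the snooping binding table output."""
    return {m[1].lower(): (m[2], m[6]) for m in BIND_RE.finditer(text)}

def classify_drops(bindings_text, log_text):
    """Label each ARP inspection drop by comparing it with the binding table."""
    table = parse_bindings(bindings_text)
    findings = []
    for m in DROP_RE.finditer(log_text):
        port, mac, ip = m[1], m[2].lower(), m[3]
        bound = table.get(mac)
        if bound is None:
            verdict = "no-binding"        # MAC never learned by snooping
        elif bound[0] != ip:
            verdict = "ip-mismatch"       # sender IP differs from the lease
        elif bound[1] != port:
            verdict = "stale-port"        # lease still tied to another port
        else:
            verdict = "binding-matches"   # drop has some other cause
        findings.append({"mac": mac, "ip": ip, "seen_on": port,
                         "bound_to": bound[1] if bound else None, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in classify_drops(BINDINGS, LOG):
        print(finding)
```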