[c-nsp] ME-3600X ip unnumbered arp poll issue

Дмитрий Мудров dmitrymu at hub.sknt.ru
Tue Mar 22 04:43:42 EDT 2016


Hello. I am trying to set up ip unnumbered on an ME-3600X-24FS-M.
The IOS version currently running is 15.3(3)S1; I also tried the suggested one (15.5(3)S2).

The problem occurs when I try to enable the ARP poll mechanism (ip unnumbered <interface> poll).
A Windows PC does not apply the settings it got via DHCP. It receives the DHCP ACK and, to ensure
that there are no stations with the same IP around, it then sends a gratuitous
ARP with src IP 0.0.0.0, its own src MAC, and the dst address that was in the DHCP ACK.
The ME3600 then sends an ARP reply with the desired IP and its own MAC address as source (this does not happen
if I switch off poll); the PC then sends a DHCP DECLINE, because it thinks that a duplicate IP has occurred.
This is what I see from debug arp:

.Mar 21 14:11:39.175: IP ARP: rcvd req src 0.0.0.0 3c07.7159.98d2, dst 10.246.0.5 Vlan3996
.Mar 21 14:11:39.175: IP ARP: rejecting entry for IP address: 0.0.0.0, hw: 3c07.7159.98d2
.Mar 21 14:11:39.175: IP ARP: sent rep src 10.246.0.5 5c50.1543.8640

Here is the test lab's config:

ip dhcp pool testdhcppoll
 network 10.246.0.0 255.255.255.0
 default-router 10.246.0.1

vlan 3996

interface Loopback1
 ip address 10.246.0.1 255.255.255.0

interface GigabitEthernet0/3
 switchport access vlan 3996
 spanning-tree portfast
 spanning-tree bpdufilter enable
end

interface Vlan3996
 ip unnumbered Loopback1 poll

I've tried disabling gratuitous ARP, proxy ARP and things like these,
but nothing helps. The only solution I've found so far is to switch on
ip arp inspection with an ARP ACL:

arp access-list denygratarp
 deny request ip host 0.0.0.0 mac any
 permit ip any mac any

Then it works, but when I switch on ARP inspection on a customer VLAN, on any of the 3600s in my production network, I get some unpleasant tracebacks in the logs:

Mar 21 12:11:46: -Traceback= 7316A4z 28646B0z 2865DBCz 2F53E70z 25B3D00z 25F7808z 25F24C4z 25F3338z 2F3F06Cz 2894CC4z 2894CC4z 2F3F128z 1066C18z 1066C18z 10672F8z 247667Cz
Mar 21 12:11:46: ************** SVI SEND invoked with NULL HWIDB
Mar 21 12:11:46: -Traceback= 7316A4z 28646B0z 2865DBCz 2F53E70z 25B3D00z 25F7808z 25F24C4z 25F3338z 2F3F06Cz 2894CC4z 2894CC4z 2F3F128z 1066C38z 1066C18z 10672F8z 247667Cz
Mar 21 12:11:46: ************** SVI SEND invoked with NULL HWIDB

Also, I really don't want to use ARP inspection if it is not needed.
Are there any ways to solve this problem?
I also tested this mechanism on several other L3 switches, the 3750-12G and C4900M, and it seems to work fine.


Best regards,
Мудров Дмитрий,
Lead Engineer
Tel. +7(812)386-20-20
Ext. 3202
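
An added example, not part of the original post: a small Python script that scans saved "debug arp" output for the pattern described above, an ARP request with source IP 0.0.0.0 that the device then answers for the probed address with a different MAC. The function name answered_probes is hypothetical, and the regexes assume the debug line format quoted in the post.

```python
import re

# Sample input: the three "debug arp" lines quoted in the post above.
SAMPLE = """\
.Mar 21 14:11:39.175: IP ARP: rcvd req src 0.0.0.0 3c07.7159.98d2, dst 10.246.0.5 Vlan3996
.Mar 21 14:11:39.175: IP ARP: rejecting entry for IP address: 0.0.0.0, hw: 3c07.7159.98d2
.Mar 21 14:11:39.175: IP ARP: sent rep src 10.246.0.5 5c50.1543.8640
"""

# Assumed line formats, taken from the lines shown in the post.
REQ = re.compile(r"IP ARP: rcvd req src (\S+) ([0-9a-f.]{14}), dst (\S+) (\S+)")
REP = re.compile(r"IP ARP: sent rep src (\S+) ([0-9a-f.]{14})")


def answered_probes(log_text):
    """Return requests with source IP 0.0.0.0 that the device itself answered."""
    pending = {}  # probed IP -> (client MAC, interface)
    hits = []
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            src_ip, src_mac, dst_ip, intf = m.groups()
            if src_ip == "0.0.0.0":
                pending[dst_ip] = (src_mac, intf)
            continue
        m = REP.search(line)
        if m:
            ip, mac = m.groups()
            # A reply for a probed address from a MAC other than the client's
            # is what makes the client conclude the address is already in use.
            if ip in pending and mac != pending[ip][0]:
                client_mac, intf = pending.pop(ip)
                hits.append({"ip": ip, "client_mac": client_mac,
                             "replier_mac": mac, "interface": intf})
    return hits


if __name__ == "__main__":
    for hit in answered_probes(SAMPLE):
        print("{interface}: probe for {ip} from {client_mac} "
              "answered by {replier_mac}".format(**hit))
```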


