Sw_Dai Messages - Cisco 3750 - Catalyst EMI Switch Message Manual

Switch system message guide

Hide thumbs Also See for 3750 - Catalyst EMI Switch:

Command reference manual (1154 pages)

Software configuration manual (926 pages)

Hardware installation manual (231 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

page of 120

/ 120
Contents
Table of Contents
Bookmarks

Table of Contents

Chapter 2

Message and Recovery Procedures

SW_DAI Messages

This section contains the dynamic ARP inspection (DAI) messages.

Error Message SW_DAI-4-ACL_DENY: [dec] Invalid ARPs ([chars]) on [chars], vlan

[dec].([[enet]/[chars]/[enet]/[chars]/[time-of-day]]).

Error Message SW_DAI-4-DHCP_SNOOPING_DENY: [dec] Invalid ARPs ([chars]) on [chars],

vlan [dec].([[enet]/[chars]/[enet]/[chars]/[time-of-day]]).

Error Message SW_DAI-6-DHCP_SNOOPING_PERMIT: [dec] ARPs ([chars]) on [chars], vlan

[dec].([[enet]/[chars]/[enet]/[chars]/[time-of-day]]).

78-16184-04

This message means that the switch has received ARP packets considered invalid by

Explanation

ARP inspection. The packets are erroneous, and their presence shows that administratively denied

packets were seen in the network. This log message appears when packets have been denied by

ACLs either explicitly or implicitly (with static ACL configuration). These packets show attempted

man-in-the-middle attacks in the network. The first [dec] is the number of invalid ARP packets. The

first [chars] is either Req (request) or Res (response), and the second [chars] is the short name of the

ingress interface. The second [dec] is the ingress VLAN ID.

[enet]/[chars]/[enet]/[chars]/[time-of-day] is the MAC address of the sender, the IP address of the

sender, the MAC address of the target, the IP address of the target, and the time of day.

No action is required.

Recommended Action

This message means that the switch has received ARP packets considered invalid by

Explanation

ARP inspection. The packets are erroneous, and their presence might show attempted

man-in-the-middle attacks in the network. This log message appears when the sender's IP and MAC

address binding for the received VLAN is not present in the DHCP snooping database. The first

[dec] is the number of invalid ARP packets. The first [chars] is either Req (request) or Res

(response), and the second [chars] is the short name of the ingress interface. The second [dec] is the

ingress VLAN ID. [enet]/[chars]/[enet]/[chars]/[time-of-day] is the MAC address of the sender, the

IP address of the sender, the MAC address of the target, the IP address of the target, and the time of

day.

Recommended Action

No action is required.

Explanation

This message means that the switch has received ARP packets that have been permitted

because the sender's IP and MAC address match the DHCP snooping database for the received

VLAN. The first [dec] is the number of valid ARP packets. The first [chars] is either Req (request)

or Res (response), and the second [chars] is the short name of the ingress interface. The second [dec]

is the ingress VLAN ID. [enet]/[chars]/[enet]/[chars]/[time-of-day] is the MAC address of the

sender, the IP address of the sender, the MAC address of the target, the IP address of the target, and

the time of day.

No action is required.

Recommended Action

Catalyst 3750 Switch System Message Guide

SW_DAI Messages

2-81

Table of Contents

Sw_Dai Messages - Cisco 3750 - Catalyst EMI Switch Message Manual

SW_DAI Messages

Related Manuals for Cisco 3750 - Catalyst EMI Switch

Related Content for Cisco 3750 - Catalyst EMI Switch

Table of Contents