06-24-2021 02:59 AM
Hello,
I have following problem when enter this:
CUS(config)#arp 95.183.181.254 00e0.4c68.0b7d ethernet 5/1/13
ADD static arp 95.183.181.254 -> 00e0.4c68.0b7d -> 1/2/5 (VRF: 0)
Error - ip address not directly connected
I want to bind my pc ip address with that mac address on 13th port. What am I doing wrong?
Also I have folloing problem too when I try to enter ip source binding:
CUS(config)#ip source binding 95.183.181.252 ethernet 1/2/5 vlan 1810
Warning - IP Source Guard is Not configured on the per-port-per-VE vlan 1810 for port 1/2/5, 95.183.181.252 binding will not be active.
How can I solve this?
This is my running config:
CUS(config)#show running-config
Current configuration:
!
ver 08.0.90jT213
!
stack unit 1
module 1 icx7250-48p-poe-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
priority 128
stack-trunk 1/2/1 to 1/2/2
stack-trunk 1/2/3 to 1/2/4
stack unit 2
module 1 icx7250-48-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
stack-trunk 2/2/1 to 2/2/2
stack-trunk 2/2/3 to 2/2/4
stack unit 3
module 1 icx7250-48-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
stack-trunk 3/2/1 to 3/2/2
stack-trunk 3/2/3 to 3/2/4
stack unit 4
module 1 icx7250-48-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
stack-trunk 4/2/1 to 4/2/2
stack-trunk 4/2/3 to 4/2/4
stack unit 5
module 1 icx7250-48-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
stack-trunk 5/2/1 to 5/2/2
stack-trunk 5/2/3 to 5/2/4
stack enable
stack mac d4c1.9e77.be10
!
!
tftp disable
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
!
!
!
vlan 1810 name idari by port
tagged ethe 1/2/5
untagged ethe 1/1/1 to 1/1/48 ethe 1/2/6 to 1/2/8 ethe 2/1/1 to 2/1/48 ethe 2/2/5 to 2/2/8 ethe 3/1/1 to 3/1/48 ethe 3/2/5 to 3/2/8 ethe 4/1/1 to 4/1/48 ethe 4/2/5 to 4/2/8 ethe 5/1/1 to 5/1/48 ethe 5/2/5 to 5/2/8
router-interface ve 1810
loop-detection
!
vlan 1911 name Yonetim by port
tagged ethe 1/2/5
router-interface ve 1911
!
!
!
!
!
!
!
!
!
!
loop-detection-interval 30
errdisable recovery cause loop-detect
errdisable recovery interval 600
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
enable acl-per-port-per-vlan
hostname CUS_211_HAZIRLIK
ip arp inspection vlan 1911
ip dhcp snooping vlan 1810
ip dhcp snooping vlan 1911
ip route 0.0.0.0/0 192.168.11.1
!
no telnet server
username super password .....
!
!
snmp-server community ..... rw
snmp-server enable traps syslog
snmp-server host 95.183.180.42 version v2c .....
snmp-server host 95.183.180.170 version v2c .....
!
!
clock timezone gmt GMT+03
!
!
ntp
server 95.183.180.6
!
!
hitless-failover enable
!
!
sz registrar
!
!
!
!
!
!
!
!
!
interface ethernet 1/2/5
arp inspection trust
dhcp snooping trust
!
interface ve 1810
!
interface ve 1911
ip address 192.168.11.211 255.255.255.0
!
arp 95.183.181.254 00e0.4c68.0b7d inspection
arp 95.183.181.1 c091.34f9.0500 inspection
!
!
!
ip source bind 95.183.181.252 ethernet 1/2/5 vlan 1810
ip source bind 172.18.18.18 ethernet 4/1/15 vlan 1810
!
!
!
!
!
!
!
!
!
!
end
06-24-2021 09:33 AM
Generally, for an ARP entry to be learned, the router must have an IP address on the same subnet.
I can notice the ARP entry you're trying to configure in the example does not belong to any subnet in the switch. That is the reason why this entry cannot be configured.
On the other hand, IP source guard must be enabled at the interface level:
ICX7150-24P Router(config)#enable acl-per-port-per-vlan
Reload required. Please write memory and then reload or power cycle.
ICX7150-24P Router(config)#int e 1/1/2
ICX7150-24P Router(config-if-e1000-1/1/2)#source
source-guard Assign IP Source Guard option to this interface
ICX7150-24P Router(config-if-e1000-1/1/2)#source-guard ena
enable Config IP Source-Guard
ICX7150-24P Router(config-if-e1000-1/1/2)#source-guard enable
Please let me know if this info clarifies your doubts.
06-25-2021 07:37 AM
Arp inspection prblem solved. I have to enable it in vlan with ip arp inspection vlan command.
I will try source-gurad with a VE interface configured. Thanks a lot.
07-05-2021 01:59 AM
Hi Cankaya_university_bim,
Glad to hear that arp inspection worked. As a side note, for similar issues its always helpful if you open a support case to closely work with our support staff, This way we can access your switch remote and provide a faster resolution.
Thanks
Jijo