2-104
Catalyst 4500 Series Switch Cisco IOS System Message Guide Release 12.2(31)SGA
OL-11541-01
Chapter 2 Messages and Recovery Procedures
SW_DAI Messages
SW_DAI Messages
This section contains the dynamic ARP inspection (DAIMAN) messages.
SW_DAI-4
Error Message SW_DAI-4-ACL_DENY: [dec]Invalid ARPs (Req) on [chars], vlan [dec].
Explanation
The switch received ARP packets that are considered invalid by ARP inspection. The
packets are invalid, and their presence indicates that administratively denied packets are in the
network. This log message generates when packets have been denied by ACLs either explicitly or
implicitly (with static ACL configuration). The presence of these packets indicates a possible
“man-in-the-middle” attacks in the network.
Recommended Action To stop these messages from generating, find the source host of these packets
and stop the host from sending them.
Error Message SW_DAI-4-DHCP_SNOOPING_DENY: [dec] Invalid ARPs (Req) on [chars], vlan
[chars].
Explanation
The switch received ARP packets that are considered invalid by ARP inspection. The
packets are invalid, and their presence may be an indication of “man-in-the-middle” attacks that are
attempted in the network. This message is logged when the IP address and MAC address binding for
the sender on the received VLAN is not listed in the DHCP snooping database.
Recommended Action To stop these messages from generating, find the source host of these packets
and stop the host from sending them.
Error Message SW_DAI-4-INVALID_ARP: [dec] Invalid ARPs (Req) on [chars], vlan
[chars].
Explanation
The switch received ARP packets that are considered invalid by ARP inspection. The
packets are invalid and do not pass one or more of the source MAC address, destination MAC
address, or IP address validation checks. A packet was denied because the source MAC address,
destination MAC address, or IP validation failed.
Recommended Action To stop these messages from generating, find the source host of these packets
and stop the host from sending them.
Error Message SW_DAI-4-PACKET_BURST_RATE_EXCEEDED: [dec] packets received in [dec]
seconds on [char].
Explanation
The switch received [dec] number of ARP packets in the specified burst interval. The
interface was in the errdisabled state and the switch received the packets at a rate higher than the
configured packet rate for every second over the configured burst interval. The message is logged
just before the interface entered the errdisabled state and if the configured burst interval is more than
one second.
Recommended Action This is an informational message only. No action is required.
To Next Page
Loading...
Need help?
General
