34-7
Software Configuration Guide—Release 12.2(25)EW
OL-6696-01
Chapter 34 Understanding and Configuring Dynamic ARP Inspection
Configuring Dynamic ARP Inspection
The statistics will display as follows:
Vlan Forwarded Dropped DHCP Drops ACL Drops
---- --------- ------- ---------- ----------
1 2 2 2 0
Vlan DHCP Permits ACL Permits Source MAC Failures
---- ------------ ----------- -------------------
1 2 0 0
Vlan Dest MAC Failures IP Validation Failures
---- ----------------- ----------------------
1 0 0
S1#
Configuring Switch S2
To enable DAI and configure fa3/3 on S2 as trusted, follow these steps:
Step 1 Verify the connectivity:
S2# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
S1 Fas 3/3 120 R S I WS-C4006 Fas 6/3
S2#
Step 2 Enable DAI on VLAN 1, and verify the configuration:
S2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)# ip arp inspection vlan 1
S2(config)# end
S2# show ip arp inspection vlan 1
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
1 Enabled Active
Vlan ACL Logging DHCP Logging
---- ----------- ------------
1 Deny Deny
S2#
Step 3 Configure interface fa3/3 as trusted:
S2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)# interface fastEthernet 3/3
S2(config-if)# ip arp inspection trust
S2(config-if)# end
S2# show ip arp inspection interfaces
To Next Page
Loading...
