Software Configuration Guide—Release 12.2(25)EW
OL-6696-01
Chapter 34 Understanding and Configuring Dynamic ARP Inspection
Configuring Dynamic ARP Inspection
Interface        Trust State  Rate (pps)
---------------  -----------  ----------
Gi1/1            Untrusted    15
Gi1/2            Untrusted    15
Gi3/1            Untrusted    15
Gi3/2            Untrusted    15
Fa3/3            Trusted      None
Fa3/4            Untrusted    15
Fa3/5            Untrusted    15
Fa3/6            Untrusted    15
Fa3/7            Untrusted    15
<output truncated>
S2#
Step 4 Verify the list of DHCP snooping bindings:
S2# show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:01:00:01:00:01   1.1.1.1          4995        dhcp-snooping  1     FastEthernet3/4
S2#
Step 5 Check the statistics before and after Dynamic ARP Inspection processes any packets:
S2# show ip arp inspection statistics vlan 1
Vlan  Forwarded  Dropped  DHCP Drops  ACL Drops
----  ---------  -------  ----------  ----------
1     0          0        0           0
Vlan  DHCP Permits  ACL Permits  Source MAC Failures
----  ------------  -----------  -------------------
1     0             0            0
Vlan  Dest MAC Failures  IP Validation Failures
----  -----------------  ----------------------
1     0                  0
S2#
If H2 then sends out an ARP request with the IP address 1.1.1.1 and the MAC address 0001.0001.0001,
the packet is forwarded and the statistics are updated appropriately:
S2# show ip arp inspection statistics vlan 1
Vlan  Forwarded  Dropped  DHCP Drops  ACL Drops
----  ---------  -------  ----------  ----------
1     1          0        0           0
Vlan  DHCP Permits  ACL Permits  Source MAC Failures
----  ------------  -----------  -------------------
1     1             0            0
Vlan  Dest MAC Failures  IP Validation Failures
----  -----------------  ----------------------
1     0                  0
S2#
Conversely, if H2 attempts to send an ARP request with the IP address 1.1.1.2, the request is dropped
and an error message is logged:
00:18:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa3/4, vlan 1.([0001.0001.0001/1.1.1.2/0000.0000.0000/0.0.0.0/01:53:21 UTC Fri May 23 2003])
S2#
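For log triage, the following added example (not part of the Cisco guide) parses the DHCP_SNOOPING_DENY message shown above and checks it against the binding table from Step 4 to state why the ARP was denied. The field order inside the brackets (sender MAC / sender IP / target MAC / target IP / time) is an assumption read from the sample message, and the function names are illustrative.

```python
import re

# Inputs copied from this page's own output (binding row from Step 4, deny message above).
BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
00:01:00:01:00:01   1.1.1.1          4995        dhcp-snooping  1     FastEthernet3/4
"""
LOG = ("00:18:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa3/4, vlan "
       "1.([0001.0001.0001/1.1.1.2/0000.0000.0000/0.0.0.0/01:53:21 UTC Fri May 23 2003])")

# Assumed field order: sender MAC / sender IP / target MAC / target IP / time.
DENY_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: (?P<count>\d+) Invalid ARPs \((?P<op>\w+)\) "
    r"on (?P<intf>\S+), vlan\s+(?P<vlan>\d+)\.\(\[(?P<smac>[^/]+)/(?P<sip>[^/]+)/"
    r"(?P<tmac>[^/]+)/(?P<tip>[^/]+)/(?P<time>[^\]]+)\]\)")

def norm_mac(mac):
    """Reduce 00:01:00:01:00:01 and 0001.0001.0001 to the same 12 hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_bindings(text):
    """Return {(vlan, mac): (ip, interface)} from 'show ip dhcp snooping binding'."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        # Data rows have six fields, a 12-digit MAC and a numeric VLAN.
        if len(f) == 6 and len(norm_mac(f[0])) == 12 and f[4].isdigit():
            table[(int(f[4]), norm_mac(f[0]))] = (f[1], f[5])
    return table

def explain_deny(line, bindings):
    """Parse one deny message and say which part of the binding it contradicts."""
    m = DENY_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    bound = bindings.get((int(ev["vlan"]), norm_mac(ev["smac"])))
    if bound is None:
        ev["reason"] = "no binding for sender MAC in this VLAN"
    elif bound[0] != ev["sip"]:
        ev["reason"] = f"sender MAC is bound to {bound[0]} on {bound[1]}, ARP claimed {ev['sip']}"
    else:
        ev["reason"] = "MAC/IP pair matches a binding; check the ingress interface"
    return ev

if __name__ == "__main__":
    print(explain_deny(LOG, parse_bindings(BINDINGS)))
```

Run against the sample, the reason reported is that the sender MAC is bound to 1.1.1.1 on FastEthernet3/4 while the ARP claimed 1.1.1.2, which matches the drop described above.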