38-11
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 38 Configuring Dynamic ARP Inspection
Configuring DAI
Enabling DAI Error-Disabled Recovery
To enable DAI error disabled recovery, perform this task:
This example shows how to enable DAI error disabled recovery:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# errdisable recovery cause arp-inspection
Router(config)# do show errdisable recovery | include Reason|---|arp-
ErrDisable Reason Timer Status
----------------- --------------
arp-inspection Enabled
Enabling Additional Validation
DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. You can
enable additional validation on the destination MAC address, the sender and target IP addresses, and the
source MAC address.
To enable additional validation, perform this task:
When enabling additional validation, note the following information:
• You must specify at least one of the keywords.
• Each ip arp inspection validate command overrides the configuration from any previous
commands. If an ip arp inspection validate command enables src and dst mac validations, and a
second ip arp inspection validate command enables IP validation only, the src and dst mac
validations are disabled as a result of the second command.
Command Purpose
Step 1
Router# configure terminal
Enters global configuration mode.
Step 2
Router(config)# errdisable recovery cause
arp-inspection
(Optional) Enables DAI error disabled recovery (disabled
by default).
Router(config-if)# no errdisable recovery cause
arp-inspection
Disables DAI error disabled recovery.
Step 3
Router(config)# do show errdisable recovery |
include Reason|---|arp-
Verifies the configuration.
Command Purpose
Step 1
Router# configure terminal
Enters global configuration mode.
Step 2
Router(config)# ip arp inspection validate
{[dst-mac] [ip] [src-mac]}
(Optional) Enables additional validation (default is
none).
Router(config)# no ip arp inspection validate
{[dst-mac] [ip] [src-mac]}
Disables additional validation.
Step 3
Router(config)# do show ip arp inspection |
include abled$
Verifies the configuration.
To Next Page
Loading...
Need help?
General
