38-17
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 38 Configuring Dynamic ARP Inspection
DAI Configuration Samples
• To ensure that this configuration does not compromise security, configure Fast Ethernet port 6/3 on
Router A and Fast Ethernet port 3/3 on Router B as trusted.
Configuring Router A
To enable DAI and configure Fast Ethernet port 6/3 on Router A as trusted, follow these steps:
Step 1 Verify the connection between switches Router A and Router B:
RouterA# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
RouterB Fas 6/3 177 R S I WS-C6506 Fas 3/3
RouterA#
Step 2 Enable DAI on VLAN 1 and verify the configuration:
RouterA# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)# ip arp inspection vlan 1
RouterA(config)# end
RouterA# show ip arp inspection vlan 1
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
1 Enabled Active
Vlan ACL Logging DHCP Logging
---- ----------- ------------
1 Deny Deny
RouterA#
Step 3 Configure Fast Ethernet port 6/3 as trusted:
RouterA# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)# interface fastethernet 6/3
RouterA(config-if)# ip arp inspection trust
RouterA(config-if)# end
RouterA# show ip arp inspection interfaces fastethernet 6/3
Interface Trust State Rate (pps)
--------------- ----------- ----------
Fa6/3 Trusted None
RouterA#
Step 4 Verify the bindings:
RouterA# show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
00:02:00:02:00:02 1.1.1.2 4993 dhcp-snooping 1 FastEthernet6/4
RouterA#
To Next Page
Loading...
