38-19
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 38 Configuring Dynamic ARP Inspection
DAI Configuration Samples
Configuring Router B
To enable DAI and configure Fast Ethernet port 3/3 on Router B as trusted, follow these steps:
Step 1 Verify the connectivity:
RouterA# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
RouterB Fas 3/3 120 R S I WS-C6506 Fas 6/3
RouterB#
Step 2 Enable DAI on VLAN 1, and verify the configuration:
RouterB# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# ip arp inspection vlan 1
RouterB(config)# end
RouterB# show ip arp inspection vlan 1
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
1 Enabled Active
Vlan ACL Logging DHCP Logging
---- ----------- ------------
1 Deny Deny
RouterB#
Step 3 Configure Fast Ethernet port 3/3 as trusted:
RouterB# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# interface fastethernet 3/3
RouterB(config-if)# ip arp inspection trust
RouterB(config-if)# end
RouterB# show ip arp inspection interfaces
Interface Trust State Rate (pps)
--------------- ----------- ----------
Gi1/1 Untrusted 15
Gi1/2 Untrusted 15
Gi3/1 Untrusted 15
Gi3/2 Untrusted 15
Fa3/3 Trusted None
Fa3/4 Untrusted 15
Fa3/5 Untrusted 15
Fa3/6 Untrusted 15
Fa3/7 Untrusted 15
<output truncated>
RouterB#
Step 4 Verify the list of DHCP snooping bindings:
RouterB# show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
To Next Page
Loading...
