Name: Cisco Catalyst 2960-XR
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

This example shows how to configure an ARP ACL called host2 on Switch A, to permit ARP packets from

Host 2 (IP address 1.1.1.1 and MAC address 0001.0001.0001), to apply the ACL to VLAN 1, and to configure

port 1 on Switch A as untrusted:

Switch(config)#arp access-list host2

Switch(config-arp-acl)#permit ip host 1.1.1.1 mac host 1.1.1

Switch(config-arp-acl)# exit

Switch(config)# ip arp inspection filter host2 vlan 1

Switch(config)# interface gigabitethernet1/0/1

Switch(config-if)# no ip arp inspection trust

Configuring Dynamic ARP Inspection in DHCP Environments

Before You Begin

This procedure shows how to configure dynamic ARP inspection when two switches support this feature.

Host 1 is connected to Switch A, and Host 2 is connected to Switch B. Both switches are running dynamic

ARP inspection on VLAN 1 where the hosts are located. A DHCP server is connected to Switch A. Both hosts

acquire their IP addresses from the same DHCP server. Therefore, Switch A has the bindings for Host 1 and

Host 2, and Switch B has the binding for Host 2.

Dynamic ARP inspection depends on the entries in the DHCP snooping binding database to verify

IP-to-MAC address bindings in incoming ARP requests and ARP responses. Make sure to enable DHCP

snooping to permit ARP packets that have dynamically assigned IP addresses.

Note

Beginning in privileged EXEC mode, follow these steps to configure dynamic ARP inspection. You must

perform this procedure on both switches. This procedure is required.

SUMMARY STEPS

show cdp neighbors

configure terminal

ip arp inspection vlan vlan-range

Interfaceinterface-id

ip arp inspection trust

end

show ip arp inspection interfacesshow ip arp inspection vlan vlan-range

show ip dhcp snooping binding

show ip arp inspection statistics vlan vlan-range

10.

copy running-config startup-config

DETAILED STEPS

PurposeCommand or Action

Verify the connection between the switches.show cdp neighbors

Step 1

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1

OL-29434-01 205

Configuring Dynamic ARP Inspection

Configuring Dynamic ARP Inspection in DHCP Environments

Other manuals for Cisco Catalyst 2960-XR

Reference52 pages

Configuration Guide196 pages

Configuration Guides120 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 2960-XR and is the answer not in the manual?

Cisco Catalyst 2960-XR Specifications

General

Stacking Bandwidth	80 Gbps
Layer Support	Layer 2 and Layer 3
Jumbo Frame Support	9198 bytes
RAM	512 MB
Input Voltage	100-240V AC
Model	Catalyst 2960-XR
Uplink Interfaces	4 x 1G SFP or 2 x 10G SFP+
Downlink Interfaces	24 or 48 x Gigabit Ethernet ports
Power Supply	Internal
MAC Address Table Size	16, 000 entries
PoE	Available on PoE models
Weight	4.5 kg
Features	energy efficiency
Stacking	Up to 8 switches
Operating Temperature	0 to 45°C