Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
 
Chapter 58      Configuring Dynamic ARP Inspection
DAI Configuration Example
This example shows how to configure DAI on Switch A in VLAN 100. You would perform a similar 
procedure on Switch B.
Switch A
SwitchA# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
SwitchB             Gig 3/48              179           R S I     WS-C4506  Gig 3/46
SwitchA# configure terminal
SwitchA(config)# ip arp inspection vlan 100
SwitchA(config)# interface g3/48
SwitchA(config-if)# ip arp inspection trust
SwitchA(config-if)# end
SwitchA# show ip arp inspection interfaces
 Interface        Trust State     Rate (pps)    Burst Interval
 ---------------  -----------     ----------    --------------
 Gi1/1            Untrusted               15                 1
 Gi1/2            Untrusted               15                 1
Step 5
Command: Switch(config-if)# ip arp inspection trust
Purpose: Configures the connection between the switches as trusted.
To return the interfaces to an untrusted state, use the no ip arp inspection trust interface configuration command.
By default, all interfaces are untrusted.
The switch does not check ARP packets that it receives from the other switch on the trusted interface. It forwards the packets.
For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination. The switch drops invalid packets and logs them in the log buffer according to the logging configuration specified with the ip arp inspection vlan logging global configuration command. For more information, see the “Configuring the Log Buffer” section on page 58-14.

Step 6
Command: Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.

Step 7
Command: Switch# show ip arp inspection interfaces
         Switch# show ip arp inspection vlan vlan-range
Purpose: Verifies the DAI configuration.

Step 8
Command: Switch# show ip dhcp snooping binding
Purpose: Verifies the DHCP bindings.

Step 9
Command: Switch# show ip arp inspection statistics vlan vlan-range
Purpose: Checks the DAI statistics.

Step 10
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
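
Because the switch forwards ARP packets from a trusted interface without checking them, the Step 7 verification is worth automating: every port reported as Trusted should be an intended inter-switch link. The following Python script is an added example, not part of the Cisco guide. It parses captured output of show ip arp inspection interfaces and compares it with an expected list of trusted ports. The sample output is constructed, the function names are hypothetical, and only the Interface and Trust State columns are read.

```python
import re

# Constructed sample in the layout of "show ip arp inspection interfaces".
# Gi3/48 is the inter-switch link from the example; Gi1/2 is marked Trusted
# here only so the audit has something to flag. The rate and burst values on
# the Trusted rows are placeholders and are not parsed.
SAMPLE_OUTPUT = """\
SwitchA# show ip arp inspection interfaces
 Interface        Trust State     Rate (pps)    Burst Interval
 ---------------  -----------     ----------    --------------
 Gi1/1            Untrusted               15                 1
 Gi1/2            Trusted               None                 1
 Gi3/48           Trusted               None                 1
"""

# A data row starts with an interface name followed by its trust state.
# The prompt, header and separator lines do not match this pattern.
ROW = re.compile(r"^\s*(\S+)\s+(Trusted|Untrusted)\b")


def parse_trust_states(output):
    """Return {interface: 'Trusted' | 'Untrusted'} for each data row."""
    states = {}
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            states[match.group(1)] = match.group(2)
    return states


def audit_trust(output, expected_trusted):
    """Compare observed trust states with the intended inter-switch links."""
    states = parse_trust_states(output)
    trusted = {name for name, state in states.items() if state == "Trusted"}
    expected = set(expected_trusted)
    return {
        # ARP received on these ports is forwarded without inspection.
        "unexpected_trusted": sorted(trusted - expected),
        # Intended uplinks that are untrusted or missing from the output.
        "expected_not_trusted": sorted(expected - trusted),
    }


if __name__ == "__main__":
    print(audit_trust(SAMPLE_OUTPUT, ["Gi3/48"]))
```

Interface names in the expected list must use the abbreviated form the command prints (Gi3/48, not g3/48).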