switchB(config)#
Step 3 Configure Ethernet interface 1/4 as trusted.
switchB(config)# interface ethernet 1/4
switchB(config-if)# ip arp inspection trust
switchB(config-if)# exit
switchB(config)# exit
switchB# show ip arp inspection interface ethernet 1/4
Interface Trust State Rate (pps) Burst Interval
------------- ----------- ---------- --------------
Ethernet1/4 Trusted 15 5
switchB#
Step 4 Verify the list of DHCP snooping bindings.
switchB# show ip dhcp snooping binding
MacAddress IpAddress LeaseSec Type VLAN Interface
----------------- --------------- -------- ------------- ---- -------------
00:01:00:01:00:01 10.0.0.2 4995 dhcp-snooping 1 Ethernet1/4
switchB#
Step 5 Check the statistics before and after DAI processes any packets.
switchB# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded = 0
ARP Res Forwarded = 0
ARP Req Dropped = 0
ARP Res Dropped = 0
DHCP Drops = 0
DHCP Permits = 0
SMAC Fails-ARP Req = 0
SMAC Fails-ARP Res = 0
DMAC Fails-ARP Res = 0
IP Fails-ARP Req = 0
IP Fails-ARP Res = 0
switchB#
If Host 2 sends out an ARP request with the IP address 10.0.0.2 and the MAC address 0001.0001.0001, the packet is
forwarded, and the statistics are updated.
switchB# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded = 1
ARP Res Forwarded = 0
ARP Req Dropped = 0
ARP Res Dropped = 0
DHCP Drops = 0
DHCP Permits = 1
SMAC Fails-ARP Req = 0
SMAC Fails-ARP Res = 0
DMAC Fails-ARP Res = 0
IP Fails-ARP Req = 0
IP Fails-ARP Res = 0
switchB#
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
403
Configuring Dynamic ARP Inspection
Configuring Device B
To Next Page
Loading...
