Dynamic ARP Inspection
Fixed Switch Configuration Guide 26-25
Example Configuration
This section provides two examples, one for a non-routing switch, and one for routing switches.
Non-Routing Example
The following example configures DHCP snooping and dynamic ARP inspection in a non-routing
environment. The example configures VLAN 10 on the switch and then enables DHCP snooping
and dynamic ARP inspection on this VLAN. Interfaces are configured as follows:
• Interface ge.1.1, which is connected to a DHCP server, on VLAN 10
• Interface ge.1.2, which is connected to DHCP clients, on VLAN 10
VLAN Configuration
set vlan create 10
clear vlan egress 1 ge.1.1-2
set vlan egress 10 ge.1.2 untagged
DHCP Snooping Configuration
set dhcpsnooping enable
set dhcpsnooping vlan 10 enable
set dhcpsnooping trust port ge.1.1 enable
To display the ARP configuration of one or more VLANs show arpinspection vlan
vlan-range
To display ARP statistics for all DAI-enabled VLANs or for
specific VLANs
show arpinspection statistics
[vlan vlan-range]
Table 26-14 Managing Dynamic ARP Inspection
Task Command
To remove additional optional ARP validation parameters that
were previously configured.
clear arpinspection validate
{[src-mac] [dst-mac] [ip]}
To disable dynamic ARP inspection on one or more VLANs or
to disable logging of invalid ARP packets on one or more
VLANs.To disable both logging and DAI, you must enter this
command twice.
clear arpinspection vlan
vlan-range [logging]
To:
• Remove a configured ARP ACL from the switch, or
• Remove a permit rule from a configured ARP ACL, or
• Remove the association of an ARP ACL with a VLAN or
VLANs, or
• Disable static mapping of an ARP ACL associated with a
VLAN or VLANs.
clear arpinspection filter name
[permit ip host sender-ipaddr
mac host sender-macaddr] | [vlan
vlan-range [static]
To return the DAI rate limiting values to their default values for
a port or range of ports.
clear arpinspection limit port
port-string
To clear all dynamic ARP inspection statistics clear arpinspection statistics
Table 26-13 Displaying Dynamic ARP Inspection Information (continued)
Task Command
To Next Page
Loading...
Need help?
General