Cisco Nexus 9000 Series Configuration Manual page 427

NX-OS Security Configuration Guide, Release 9.x

Configuring Dynamic ARP Inspection
Configuring Device A

switchA# configure terminal
switchA(config)# ip arp inspection vlan 1
switchA(config)# show ip arp inspection vlan 1
Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled
Vlan : 1
-----------
Configuration   : Enabled
Operation State : Active
switchA(config)#

Step 3
Configure Ethernet interface 2/3 as trusted.
switchA(config)# interface ethernet 2/3
switchA(config-if)# ip arp inspection trust
switchA(config-if)# exit
switchA(config)# exit
switchA# show ip arp inspection interface ethernet 2/3
Interface      Trust State  Rate (pps)  Burst Interval
-------------  -----------  ----------  --------------
Ethernet2/3    Trusted      15          5

Step 4
Verify the bindings.
switchA# show ip dhcp snooping binding
MacAddress         IpAddress        LeaseSec  Type           VLAN  Interface
-----------------  ---------------  --------  -------------  ----  -------------
00:60:0b:00:12:89  10.0.0.1         0         dhcp-snooping  1     Ethernet2/3
switchA#

Step 5
Check the statistics before and after DAI processes any packets.
switchA# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded = 0
ARP Res Forwarded = 0
ARP Req Dropped = 0
ARP Res Dropped = 0
DHCP Drops = 0
DHCP Permits = 0
SMAC Fails-ARP Req = 0
SMAC Fails-ARP Res = 0
DMAC Fails-ARP Res = 0
IP Fails-ARP Req = 0
IP Fails-ARP Res = 0
switchA#

If host 1 sends out two ARP requests with an IP address of 10.0.0.1 and a MAC address of 0002.0002.0002, both requests are permitted and are shown as follows:
switchA# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded = 2
ARP Res Forwarded = 0
ARP Req Dropped = 0
ARP Res Dropped = 0
DHCP Drops = 0
DHCP Permits = 2
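
Added example (not part of the Cisco guide): a Python script that automates the before/after comparison from Step 5 by parsing two captures of the show ip arp inspection statistics output and reporting which drop or validation-failure counters increased. The function names are hypothetical and the sample captures are constructed; the PERMITTED values match this page, while the REJECTED capture is an assumed illustration of a burst that DAI refused.

```python
import re

# Counters whose increase means DAI rejected traffic (names as the switch prints them).
DROP_COUNTERS = ("ARP Req Dropped", "ARP Res Dropped", "DHCP Drops",
                 "SMAC Fails-ARP Req", "SMAC Fails-ARP Res", "DMAC Fails-ARP Res",
                 "IP Fails-ARP Req", "IP Fails-ARP Res")
ORDER = ("ARP Req Forwarded", "ARP Res Forwarded", *DROP_COUNTERS[:3],
         "DHCP Permits", *DROP_COUNTERS[3:])

def parse_dai_stats(text):
    """Return {vlan: {counter: value}}; prompts and separator lines are ignored."""
    stats, vlan = {}, None
    for line in text.splitlines():
        if (m := re.match(r"\s*Vlan\s*:\s*(\d+)\s*$", line)):
            vlan = int(m.group(1))
            stats[vlan] = {}
        elif (m := re.match(r"\s*([A-Za-z][A-Za-z -]*?)\s*=\s*(\d+)\s*$", line)) \
                and vlan is not None:
            stats[vlan][m.group(1)] = int(m.group(2))
    return stats

def dai_delta(before, after):
    """Per-VLAN counters that changed between two parsed snapshots."""
    delta = {}
    for vlan, counters in after.items():
        old = before.get(vlan, {})
        changed = {k: v - old.get(k, 0) for k, v in counters.items()
                   if v != old.get(k, 0)}
        if changed:
            delta[vlan] = changed
    return delta

def drop_alerts(delta):
    """(vlan, counter, increase) for each drop counter that grew.
    Negative deltas (counters cleared between captures) are not reported."""
    return [(vlan, k, n) for vlan, d in sorted(delta.items())
            for k, n in d.items() if k in DROP_COUNTERS and n > 0]

def sample_output(values):
    """Constructed CLI text in this page's layout; unspecified counters are 0."""
    rows = [f"{name} = {values.get(name, 0)}" for name in ORDER]
    return "\n".join(["Vlan : 1", "-----------", *rows, "switchA#"])

BEFORE = sample_output({})
PERMITTED = sample_output({"ARP Req Forwarded": 2, "DHCP Permits": 2})  # page values
REJECTED = sample_output({"ARP Req Forwarded": 2, "DHCP Permits": 2,   # constructed
                          "ARP Req Dropped": 2, "DHCP Drops": 2})

if __name__ == "__main__":
    for name, text in (("permitted", PERMITTED), ("rejected", REJECTED)):
        d = dai_delta(parse_dai_stats(BEFORE), parse_dai_stats(text))
        print(name, d, drop_alerts(d))
```
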
