Verifying Dynamic ARP protection configuration
To display the current configuration of dynamic ARP protection, including additional validation
checks and the trusted ports that are configured, enter the show arp-protect command:
Example 9 The show arp-protect command
HP Switch(config)# show arp-protect
ARP Protection Information
Enabled Vlans : 1-4094
Validate : dest-mac, src-mac
Port
Trust
----- -----
5
Yes
6
Yes
7
No
8
No
9
No
Displaying ARP packet statistics
To display statistics about forwarded ARP packets, dropped ARP packets, MAC validation failure,
and IP validation failures, enter the show arp-protect statistics VLAN-ID-RANGE
command:
Example 10 The show arp-protect statistics command
HP Switch(config)# show arp-protect statistics 1-2
Status and Counters - ARP Protection Counters for VLAN 1
Forwarded pkts : 10
Bad bindings
Malformed pkts : 0
Status and Counters - ARP Protection Counters for VLAN 2
Forwarded pkts : 1
Bad bindings
Malformed pkts : 1
Monitoring dynamic ARP protection
With dynamic ARP protection enabled, you can monitor and troubleshoot the validation of ARP
packets with the debug arp-protect command. Use this command to debug the following
conditions:
The switch drops valid ARP packets that should be allowed.
The switch allows invalid ARP packets that should be dropped.
Bad source mac
: 1
Bad destination mac: 1
Bad IP address
Bad source mac
: 1
Bad destination mac: 1
Bad IP address
: 2
: 0
: 1
: 1
Dynamic ARP protection
19