Configuring Dynamic ARP Inspection
•
•
•
•
•
•
•
•
•
•
•
•
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.
Restrictions for Dynamic ARP Inspection
This section lists the restrictions and guidelines for configuring Dynamic ARP Inspection on the switch.
• Dynamic ARP inspection is an ingress security feature; it does not perform any egress checking.
Finding Feature Information, page 1299
Restrictions for Dynamic ARP Inspection, page 1299
Understanding Dynamic ARP Inspection, page 1301
Default Dynamic ARP Inspection Configuration, page 1304
Relative Priority of ARP ACLs and DHCP Snooping Entries, page 1305
Configuring ARP ACLs for Non-DHCP Environments , page 1305
Configuring Dynamic ARP Inspection in DHCP Environments, page 1308
Limiting the Rate of Incoming ARP Packets, page 1311
Performing Dynamic ARP Inspection Validation Checks, page 1313
Monitoring DAI, page 1315
Verifying the DAI Configuration, page 1316
Additional References, page 1316
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
57
C H A P T E R
1299