Configuring The Dai Trust State Of A Layer 2 Interface - Cisco Nexus 9000 Series Configuration Manual

Configuring Dynamic ARP Inspection
Command or Action
Step 3 (Optional) show ip arp inspection vlan vlan-id
Example:
switch(config)# show ip arp inspection vlan 13
Step 4 (Optional) copy running-config startup-config
Example:
switch(config)# copy running-config startup-config

Configuring the DAI Trust State of a Layer 2 Interface

You can configure the DAI interface trust state of a Layer 2 interface. By default, all interfaces are untrusted.
A device forwards ARP packets that it receives on a trusted Layer 2 interface but does not check them.
On untrusted interfaces, the device intercepts all ARP requests and responses and verifies that the intercepted
packets have valid IP-MAC address bindings before updating the local cache and forwarding the packet to
the appropriate destination. If the device determines that packets have invalid bindings, it drops the packets
and logs them according to the logging configuration.
Before you begin
If you are enabling DAI, make sure that the DHCP feature is enabled.
SUMMARY STEPS
1. configure terminal
2. interface type port/slot
3. [no] ip arp inspection trust
4. (Optional) show ip arp inspection interface type port/slot
5. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2 interface type port/slot
Example:
switch(config)# interface ethernet 2/1
switch(config-if)#
Purpose
Displays the DAI configuration for a specific VLAN.
Copies the running configuration to the startup
configuration.
Purpose
Enters global configuration mode.
Enters interface configuration mode.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring the DAI Trust State of a Layer 2 Interface
395