Cisco Nexus 9000 Series Configuration Manual page 429

Configuring Dynamic ARP Inspection
switchB(config)#
Step 3 Configure Ethernet interface 1/4 as trusted.
switchB(config)# interface ethernet 1/4
switchB(config-if)# ip arp inspection trust
switchB(config-if)# exit
switchB(config)# exit
switchB# show ip arp inspection interface ethernet 1/4
Interface
-------------
Ethernet1/4
switchB#
Step 4
Verify the list of DHCP snooping bindings.
switchB# show ip dhcp snooping binding
MacAddress
-----------------
00:01:00:01:00:01
switchB#
Step 5 Check the statistics before and after DAI processes any packets.
switchB# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded
ARP Res Forwarded
ARP Req Dropped
ARP Res Dropped
DHCP Drops
DHCP Permits
SMAC Fails-ARP Req = 0
SMAC Fails-ARP Res = 0
DMAC Fails-ARP Res = 0
IP Fails-ARP Req
IP Fails-ARP Res
switchB#
If Host 2 sends out an ARP request with the IP address 10.0.0.2 and the MAC address 0001.0001.0001, the packet is
forwarded, and the statistics are updated.
switchB# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded
ARP Res Forwarded
ARP Req Dropped
ARP Res Dropped
DHCP Drops
DHCP Permits
SMAC Fails-ARP Req = 0
SMAC Fails-ARP Res = 0
DMAC Fails-ARP Res = 0
IP Fails-ARP Req
IP Fails-ARP Res
switchB#
Trust State Rate (pps)
----------- ----------
Trusted 15
IpAddress LeaseSec
--------------- --------
10.0.0.2 4995
= 0
= 0
= 0
= 0
= 0
= 0
= 0
= 0
= 1
= 0
= 0
= 0
= 0
= 1
= 0
= 0
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Burst Interval
--------------
5
Type VLAN Interface
------------- ---- -------------
dhcp-snooping 1 Ethernet1/4
Configuring Device B
403