Table of Contents
Advertisement
Dynamic ARP Inspection Overview
Basic Configuration
The following basic configuration does not change the default rate limiting parameters.
Procedure 17-2 Basic Dynamic ARP Inspection Configuration
Step
1.
2.
3.
4.
5.
17-18 DHCP Snooping and Dynamic ARP Inspection
Task
Configure DHCP snooping.
Enable ARP inspection on the VLANs where
clients are connected, and optionally, enable
logging of invalid ARP packets.
Determine which ports are not security threats
and configure them as DAI trusted ports.
If desired, configure optional validation
parameters.
If desired, configure static mappings for DAI by
creating ARP ACLs:
• Create the ARP ACL
• Apply the ACL to a VLAN
Command(s)
Refer to
Procedure 17-1
on page 17-3.
set arpinspection vlan vlan-range
[logging]
set arpinspection trust port
port-string enable
set arpinspection validate
{[src-mac] [dst-mac] [ip]}
set arpinspection filter name permit
ip host sender-ipaddr mac host
sender-macaddr
set arpinspection filter name vlan
vlan-range [static]
- Quick Links:
- Set Ip Address
Hide quick links:
Advertisement
Table of Contents
