Table of Contents
Advertisement
Parameters
vlan‐range
logging
Defaults
Logging is disabled by default.
Mode
Switch command, read‐write.
Usage
This command enables dynamic ARP inspection (DAI) on one or more VLANs. When DAI is
enabled on a VLAN, DAI is effectively enabled on the interfaces (physical ports or LAGs) that are
members of that VLAN.
DAI uses the DHCP snooping bindings database to verify that the sender MAC address and the
source IP address are a valid pair in the database. ARP packets whose sender MAC address and
sender IP address do not match an entry in the database are dropped.
If logging is enabled, invalid ARP packets are also logged.
Example
This example enables DAI on VLANs 2 through 5 and also enables logging of invalid ARP packets
on those VLANs.
C3(su)->set arpinspection vlan 2-5 logging
set arpinspection trust
Use this command to enable or disable a port as a dynamic ARP inspection trusted port.
Syntax
set arpinspection trust port port-string {enable | disable}
Parameters
port‐string
enable | disable
Defaults
By default, all physical ports and LAGs are untrusted.
Mode
Switch command, read‐write.
Specifies the VLAN or range of VLANs on which to enable dynamic
ARP inspection.
(Optional) Enables logging of invalid ARP packets for that VLAN.
Specifies the port or ports to be enabled or disabled as DAI trusted
ports. The ports can be physical ports or LAGs that are members of a
VLAN.
Enables or disables the specified ports as trusted for DAI.
set arpinspection trust
SecureStack C3 Configuration Guide 17-21
- Quick Links:
- Set Ip Address
Hide quick links:
Advertisement
Table of Contents
