Administrator Guide
972 Snooping and Inspecting Traffic
Configuring Dynamic ARP Inspection
Beginning in Privileged EXEC mode, use the following commands to
configure DAI settings on the switch.
exit Exit to Privileged EXEC mode.
show ip verify interface
interface
View IPSG parameters for a specific port or LAG. The
interface
parameter includes the interface type
(gigabitethernet, tengigabitethernet, or port-channel)
and number.
show ip verify source
[interface
interface
]
View IPSG bindings configured on the switch or on a
specific port or LAG.
show ip source binding View IPSG bindings.
Command Purpose
configure Enter global configuration mode.
ip arp inspection vlan
vlan-range [logging]
Enable Dynamic ARP Inspection on a single VLAN or a
range of VLANs. Use the logging keyword to enable
logging of invalid packets.
ip arp inspection
validate {[src-mac] [dst-
mac] [ip]}
Enable additional validation checks like source MAC
address validation, destination MAC address validation, or
IP address validation on the received ARP packets.
Each command overrides the configuration of the
previous command. For example, if a command enables
source MAC address and destination validations and a
second command enables IP address validation only, the
source MAC address and destination MAC address
validations are disabled as a result of the second
command.
•
src-mac
—
For validating the source MAC address of an
ARP packet.
•
dst-mac
—
For validating the destination MAC address of
an ARP packet.
•
ip
—
For validating the IP address of an ARP packet.
Command Purpose