Users Guide
1038 Snooping and Inspecting Traffic
Configuring Dynamic ARP Inspection
Use the following commands to configure DAI settings on the switch.
show ip verify interface
interface
View IPSG parameters for a specific port or LAG. The
interface parameter includes the interface type
(gigabitethernet, tengigabitethernet, or port-channel)
and number.
show ip verify source
[interface interface]
View IPSG bindings configured on the switch or on a
specific port or LAG.
show ip source binding View IPSG bindings.
Command Purpose
configure Enter global configuration mode.
ip arp inspection vlan
vlan-list [logging]
Enable Dynamic ARP Inspection on a single VLAN or a
range of VLANs. Use the logging keyword to enable
logging of invalid packets.
ip arp inspection
validate {[src-mac] [dst-
mac] [ip]}
Enable additional validation checks like source MAC
address validation, destination MAC address validation, or
IP address validation on the received ARP packets.
Each command overrides the configuration of the
previous command. For example, if a command enables
source MAC address and destination validations and a
second command enables IP address validation only, the
source MAC address and destination MAC address
validations are disabled as a result of the second
command.
• src-mac
—
For validating the source MAC address of an
ARP packet.
• dst-mac
—
For validating the destination MAC address of
an ARP packet.
• ip
—
For validating the IP address of an ARP packet.
arp access-list acl-name Create an ARP ACL with the specified name (1–31
characters) and enter ARP Access-list Configuration mode
for the ACL.
Command Purpose