Users Guide

Table Of Contents
Address Hardware Address Interface VLAN
--------------------------------------------------------------------
10.2.1.1 00:40:50:00:00:00 port-channel100 vlan3001
10.1.1.13 00:2a:10:01:00:00 port-channel100 vlan3001
10.1.1.62 00:2a:10:01:00:01 port-channel100 vlan3001
View DAI statistics
You can view valid and invalid ARP requests that the switch has received and replies that the switch has sent.
Use the following command in EXEC mode:
show ip arp inspection statistics vlan vlan-name
Example for viewing DAI statistics
OS10# show ip arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests : 0
Valid ARP Replies : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies : 0
View DAI violation information
show ip arp inspection logging
Example for viewing DAI violation information
OS10# show ip arp inspection logging
Total Number of Clients : 1
New Clients learnt in current Interval : 0
Invalid ARP packets in current interval : 0
Address Hw-Address Port VLAN First-detected-time
Packet-count
-----------------------------------------------------------------------------------
10.1.1.1 12:d3:43:a1:2e:23 ethernet1/1/1 10 00:23:14 2
Source Address Validation
Source Address Validation (SAV) is a security feature that instructs switches to permit IP traffic only from clients present in the
DHCP snooping binding table.
When you enable SAV, the switch compares the source IP and MAC addresses in the packet with the DHCP snooping binding
table. If there is a match, the device forwards the packet. If there is no match, it drops the packet.
SAV is disabled by default.
NOTE: Dell EMC Networking recommends enabling SAV before enabling DHCP snooping on the system.
OS10 supports three types of Source Address Validation:
1. Source IP address validation
2. Source IP and MAC address validation
3. DHCP source MAC address validation
Source IP address validation
This feature filters IP traffic, based on the source IP address and permits traffic only from clients present in the DHCP snooping
binding table. The switch compares the following in the packet to the DHCP snooping binding table:
Source IP address
The VLAN to which the client is connected
The interface (physical or port channel) to which the client is connected
If there is a match, the switch forwards the packet.
System management
297