I stand corrected.  You can create a mask for the MAC address implying multiple hosts.

I've set up Dynamic ARP Inspection (DAI).  Any idea's on the best way to test if it's working?

Hello

Any idea's on the best way to test if it's working?

As you are aware DAI works off dhcp snooping D/B, So what you can do is have say 3 hosts all on the same vlan and two of those to be dhcp clients and 3rd one with a static ip address.

Enable dhcp snooping and DAI, and then two dhcp hosts should be able to speak to each other due to the fact they will be binded to the snooping D/B and so DAI can match on it - however both dhcp hosts WONT be able to speak to the 3rd static defined host as no entry exists in the snoop D/B and as such DAI wont allow it.

res
Paul

My understanding is that it can be done without DHCP Snooping enabled and the manner in which I  implemented it without came by way of a Cisco doc.  I'm finding that in my environment that some features do not work as they should (Cisco VIRL) so I'm not expecting anything spectacular.

Hello

Yes is can , In fact static arp inspection take preference over DAI via snooping D/B

If both are configured at the same time then the static will be read first.

example:
arp access-list STAN
permit ip host x.x.x.x mac host yyyy.yyyy.yyyy

ip arp inspection filter list STAN vlan xxx


Unusual to hear that in virl this isnt available -  I thought it was this was ciscos answer to GNS3  simulator?

res
Paul

Hello

Forgot to mention I actually purchased a student copy of viral but it incessantly complained about lack of memory , I only wanted to test ASAv simulations but it was getting on my nerves so I haven't tried to us it since.

How do you run yours - ESX hosting, hyper-V  and what cpu and memory are you using?

res
Paul

I'm running it as a bare-metal cluster with two PowerEdge 2950's.  Total is 16 cores and 32 MB's RAM.  It's heavy on the RAM usage no doubt.