08-10-2017 06:29 AM - edited 03-08-2019 11:41 AM
Studying for CCNP 300-115 and during my review I was exploring the options for Dynamic ARP Inspection. I'm curious about the difference between "Sender MAC address" and "Single Sender host"... I can only spend so much time on Google so this seems to be a more effective way to get answers.
SWITCH-B(config-arp-nacl)#permit ip host 10.10.20.20 mac ?
H.H.H Sender MAC address
any Any MAC address
host Single Sender host
08-10-2017 07:29 AM
Can you copy the output from the following?
"permit ip host 10.10.20.20 mac host ?"
I'm guessing the host command is not necessary and is there for backward compatibility.
08-10-2017 07:32 AM
I stand corrected. You can create a mask for the MAC address implying multiple hosts.
08-10-2017 07:58 AM
I've set up Dynamic ARP Inspection (DAI). Any ideas on the best way to test if it's working?
08-10-2017 04:56 PM
Hello
Any ideas on the best way to test if it's working?
As you are aware, DAI works off the DHCP snooping D/B, so what you can do is have, say, 3 hosts all on the same VLAN, two of those being DHCP clients and the 3rd one with a static IP address.
Enable DHCP snooping and DAI, and then the two DHCP hosts should be able to speak to each other due to the fact they will be bound to the snooping D/B and so DAI can match on it - however both DHCP hosts WON'T be able to speak to the 3rd statically defined host as no entry exists in the snooping D/B and as such DAI won't allow it.
res
Paul
08-11-2017 10:41 AM
My understanding is that it can be done without DHCP Snooping enabled and the manner in which I implemented it without came by way of a Cisco doc. I'm finding that in my environment some features do not work as they should (Cisco VIRL) so I'm not expecting anything spectacular.
08-11-2017 11:05 AM
Hello
Yes it can. In fact, static ARP inspection takes preference over DAI via the snooping D/B.
If both are configured at the same time then the static will be read first.
example:
! ARP ACL binding one sender IP to one sender MAC
arp access-list STAN
 permit ip host x.x.x.x mac host yyyy.yyyy.yyyy
! Apply the ARP ACL to the VLAN as a DAI filter
ip arp inspection filter STAN vlan xxx
Unusual to hear that in VIRL this isn't available - I thought this was Cisco's answer to the GNS3 simulator?
res
Paul
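The decision order described in the replies above (ARP ACL first, then the DHCP snooping bindings), as an added example that is not part of the thread and is not Cisco code. The MAC addresses are constructed, the ACL mask is assumed to be a wildcard mask (set bits are ignored), and the `static` option of `ip arp inspection filter` is modelled as making the ACL's implicit deny final.

```python
# Added illustration: a simplified model of the DAI decision order, not Cisco code.
from dataclasses import dataclass

def mac_int(mac: str) -> int:
    """Parse Cisco dotted MAC notation (H.H.H) into an integer."""
    return int(mac.replace(".", ""), 16)

@dataclass
class AclEntry:
    action: str                       # "permit" or "deny"
    ip: str                           # sender IP ("ip host x.x.x.x")
    mac: str                          # sender MAC in H.H.H form
    wildcard: str = "0000.0000.0000"  # assumption: 1-bits in the mask are ignored

    def matches(self, ip: str, mac: str) -> bool:
        care = ~mac_int(self.wildcard) & 0xFFFFFFFFFFFF
        return ip == self.ip and (mac_int(mac) & care) == (mac_int(self.mac) & care)

def dai_verdict(vlan, ip, mac, *, trusted=False, acl=(), static=False, bindings=()):
    """Return (verdict, reason) for one ARP packet seen on a DAI-enabled VLAN."""
    if trusted:
        return "forward", "trusted port, not inspected"
    for entry in acl:                      # the ARP ACL is consulted first
        if entry.matches(ip, mac):
            ok = entry.action == "permit"
            return ("forward" if ok else "drop"), f"ARP ACL {entry.action}"
    if static:                             # 'static': the implicit deny is final
        return "drop", "ARP ACL implicit deny (static)"
    if (vlan, ip, mac_int(mac)) in {(v, i, mac_int(m)) for v, i, m in bindings}:
        return "forward", "DHCP snooping binding"
    return "drop", "no ACL match and no binding"

# Constructed lab from the thread: two DHCP clients, one statically addressed host.
BINDINGS = [(10, "10.10.20.11", "0000.aaaa.0011"), (10, "10.10.20.12", "0000.aaaa.0012")]
STAN = [AclEntry("permit", "10.10.20.20", "0000.bbbb.0020")]

def lab():
    return {
        "dhcp_client": dai_verdict(10, "10.10.20.11", "0000.aaaa.0011", bindings=BINDINGS),
        "static_no_acl": dai_verdict(10, "10.10.20.20", "0000.bbbb.0020", bindings=BINDINGS),
        "static_with_acl": dai_verdict(10, "10.10.20.20", "0000.bbbb.0020",
                                       acl=STAN, bindings=BINDINGS),
        "spoofed_mac": dai_verdict(10, "10.10.20.11", "0000.cccc.0099", bindings=BINDINGS),
    }

if __name__ == "__main__":
    for name, (verdict, reason) in lab().items():
        print(f"{name:16} {verdict:8} {reason}")
```

On a real switch the equivalent evidence is the per-VLAN drop counters and the log entries DAI generates for the statically addressed host.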
08-11-2017 11:19 AM
Hello
Forgot to mention I actually purchased a student copy of VIRL but it incessantly complained about lack of memory. I only wanted to test ASAv simulations but it was getting on my nerves so I haven't tried to use it since.
How do you run yours - ESX hosting, Hyper-V, and what CPU and memory are you using?
res
Paul
08-11-2017 11:39 AM
I'm running it as a bare-metal cluster with two PowerEdge 2950s. Total is 16 cores and 32 MB of RAM. It's heavy on the RAM usage no doubt.