02-27-2023 05:29 AM
Hello,
I'm a bit confused regarding the correct implementation of DAI. I've read somewhere that the DHCP snooping binding table should be populated first before activating DAI, and it always works well like that, but what about new devices/users? Whenever I try to connect a new machine, it doesn't work until I disable DAI on that VLAN, the device receives its IP, I enable DAI again and it works.
The switch platform is Catalyst 2960X, version 15.2.(7)E6
What to do to avoid this situation ?
Thank you
02-27-2023 05:30 AM
can I see your config ??
02-27-2023 09:40 AM
DAI config ? sure,
I have DAI enabled in that vlan "ip arp inspection vlan 20", and uplink ports trusted (physical and port-channel) : ip arp inspection trust, that's it
The DHCP snooping table is not fully populated btw, only old bindings are listed in there, so to let new hosts access the network, I need to disable DAI in that vlan, have its IP received and registered in the DHCP snooping table, and then I can enable DAI again and it works!
02-27-2023 03:16 PM
show ip arp inspection interfaces <<- I need to see this
03-01-2023 05:04 AM
Hi
here's the output of show ip arp inspection interfaces
#show ip arp inspection interfaces
Interface        Trust State     Rate (pps)    Burst Interval
---------------  -----------     ----------    --------------
Gi1/0/1          Untrusted              100                 1
Gi1/0/2          Untrusted              100                 1
Gi1/0/3          Untrusted              100                 1
Gi1/0/4          Untrusted              100                 1
Gi1/0/5          Untrusted              100                 1
Gi1/0/6          Untrusted              100                 1
Gi1/0/7          Untrusted              100                 1
Gi1/0/8          Untrusted              100                 1
Gi1/0/9          Untrusted              100                 1
Gi1/0/10         Untrusted              100                 1
Gi1/0/11         Untrusted              100                 1
Gi1/0/12         Untrusted              100                 1
Gi1/0/13         Untrusted              100                 1
Gi1/0/14         Untrusted              100                 1
Gi1/0/15         Untrusted              100                 1
Gi1/0/16         Untrusted              100                 1
Gi1/0/17         Untrusted              100                 1
Gi1/0/18         Untrusted              100                 1
Gi1/0/19         Untrusted              100                 1
Gi1/0/20         Untrusted              100                 1
Interface        Trust State     Rate (pps)    Burst Interval
---------------  -----------     ----------    --------------
Gi1/0/21         Untrusted              100                 1
Gi1/0/22         Untrusted              100                 1
Gi1/0/23         Untrusted              100                 1
Gi1/0/24         Untrusted              100                 1
Gi1/0/25         Untrusted              100                 1
Gi1/0/26         Untrusted              100                 1
Gi1/0/27         Untrusted              100                 1
Gi1/0/28         Untrusted              100                 1
Gi1/0/29         Untrusted              100                 1
Gi1/0/30         Untrusted              100                 1
Gi1/0/31         Untrusted              100                 1
Gi1/0/32         Untrusted              100                 1
Gi1/0/33         Untrusted              100                 1
Gi1/0/34         Untrusted              100                 1
Gi1/0/35         Untrusted              100                 1
Gi1/0/36         Untrusted              100                 1
Gi1/0/37         Untrusted              100                 1
Gi1/0/38         Untrusted              100                 1
Gi1/0/39         Untrusted              100                 1
Gi1/0/40         Untrusted              100                 1
Gi1/0/41         Untrusted              100                 1
Gi1/0/42         Untrusted              100                 1
Gi1/0/43         Untrusted              100                 1
Interface        Trust State     Rate (pps)    Burst Interval
---------------  -----------     ----------    --------------
Gi1/0/44         Untrusted              100                 1
Gi1/0/45         Untrusted              100                 1
Gi1/0/46         Untrusted              100                 1
Gi1/0/47         Untrusted              100                 1
Gi1/0/48         Untrusted              100                 1
Gi1/0/49         Untrusted               15                 1
Gi1/0/50         Untrusted               15                 1
Te1/0/1          Trusted               None               N/A
Te1/0/2          Trusted               None               N/A
Te1/1/1          Untrusted               15                 1
Te1/1/2          Untrusted               15                 1
Po13             Trusted               None               N/A
02-28-2023 02:16 AM
Hi,
Posted it down below
Thank you
02-28-2023 08:51 AM
Can you please give it a look please, paste it down
02-28-2023 09:05 AM
show ip arp inspection interfaces <<- this will help me more if you can share the output
03-01-2023 05:06 AM
Here's the output, thank you
02-27-2023 03:08 PM
You need to post show run from the device so we can look at your config,
or refer to the DAI deployment and config guide below:
02-28-2023 02:10 AM
below the show run output
SW_PARIS#sho run
Building configuration...
Current configuration : 19412 bytes
!
! Last configuration change at 14:35:10 utc Mon Feb 27 2023 by admin
! NVRAM config last updated at 11:58:02 utc Mon Feb 27 2023 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname T1_SR3_SW1
!
boot-start-marker
boot-end-marker
!
enable secret XXXXXXXXXXXXX
!
username admin privilege 15 secret 5 WWWWWWWWWWWWWWWWWWWW
aaa new-model
!
!
!
aaa session-id common
clock timezone utc 1 0
switch 1 provision ws-c2960x-48fpd-l
!
!
!
!
ip arp inspection vlan 1-20
!
!
ip dhcp snooping vlan 1-20
no ip dhcp snooping information option
ip dhcp snooping
ip domain-name domain.fr
ip device tracking probe auto-source
ip device tracking probe delay 10
vtp mode transparent
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-156196480
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-156196480
revocation-check none
rsakeypair TP-self-signed-156196480
!
!
crypto pki certificate chain TP-self-signed-156196480
certificate self-signed 01
quit
dot1x system-auth-control
dot1x critical eapol
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 20
name Data
!
lldp run
!
!
!
!
!
!
!
!
!
!
interface Port-channel13
switchport trunk allowed vlan 1,20
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
spanning-tree portfast edge
!
interface GigabitEthernet1/0/2
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/4
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/5
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/6
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/7
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/8
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/9
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/10
switchport access vlan 3050
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/11
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/12
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/13
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/14
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/15
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/16
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/17
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/18
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/19
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/20
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
spanning-tree portfast edge
!
interface GigabitEthernet1/0/21
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/22
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/23
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/24
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
ip dhcp snooping trust
!
interface GigabitEthernet1/0/25
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/26
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/27
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/28
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/29
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/30
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/31
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/32
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/33
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/34
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/35
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/36
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/37
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/38
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/39
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/40
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/41
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/42
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/43
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/44
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/45
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/46
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/47
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/48
switchport access vlan 20
switchport mode access
ip arp inspection limit rate 100
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface TenGigabitEthernet1/0/1
switchport trunk allowed vlan 1,20
switchport mode trunk
ip arp inspection trust
channel-group 1 mode active
ip dhcp snooping trust
!
interface TenGigabitEthernet1/0/2
switchport trunk allowed vlan 1,20
switchport mode trunk
ip arp inspection trust
channel-group 1 mode active
ip dhcp snooping trust
!
interface Vlan1
no ip address
shutdown
!
!
!
ip default-gateway 192.168.30.1
!
no ip http server
ip http secure-server
ip http max-connections 20
!
!
!
snmp-server group SNMPVVS v3 priv read N_VIEW
snmp-server view N_VIEW iso included
snmp-server view N_VIEW internet included
snmp-server view N_VIEW mib-2 included
snmp-server host 192.168.10.20. version 3 priv admin
!
!
!
!
!
line con 0
line vty 0 4
exec-timeout 5 0
logging synchronous
transport input ssh
transport output all
line vty 5 15
exec-timeout 5 0
logging synchronous
transport input ssh
transport output all
!
ntp server 192.168.200.1
ntp server 192.168.200.2
!
end
03-01-2023 06:40 AM
S1# show ip arp inspection statistics vlan x
S1# show ip dhcp snooping binding
S1# show ip arp inspection vlan x
Share the above, then remove one host and add another and share the same output.
if you can
thanks
03-02-2023 03:47 AM
Hi, you'll find the outputs below, btw, for now to not impact the production, I'm enabling it only in 1 vlan (test) which is defined in 1 interface (giga 1/0/1). After removing the host and plugging another, the output is still the same, and the new host doesn't receive an IP
S1#show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
48:7A:55:1F:25:D1 10.4.3.125 1810 dhcp-snooping 50 GigabitEthernet1/0/37
48:7A:55:1F:25:A7 10.4.2.57 3545 dhcp-snooping 50 GigabitEthernet1/0/20
48:7A:55:1F:25:BE 10.4.1.63 3545 dhcp-snooping 50 GigabitEthernet1/0/4
00:E0:4C:36:01:E9 192.168.200.17 434603 dhcp-snooping 20 GigabitEthernet1/0/1
48:7A:55:1F:25:C1 10.4.2.121 1810 dhcp-snooping 50 GigabitEthernet1/0/27
48:7A:55:1F:25:FC 10.4.2.56 1810 dhcp-snooping 50 GigabitEthernet1/0/11
48:7A:55:1F:25:A9 10.4.2.246 3033 dhcp-snooping 50 GigabitEthernet1/0/16
00:15:5D:F6:16:00 192.168.246.59 515052 dhcp-snooping 246 GigabitEthernet1/0/14
00:23:24:D9:FE:5A 192.168.246.95 618106 dhcp-snooping 246 GigabitEthernet1/0/26
48:7A:55:1F:25:AD 10.4.4.166 1810 dhcp-snooping 50 GigabitEthernet1/0/23
48:7A:55:1F:25:E5 10.4.4.71 3567 dhcp-snooping 50 GigabitEthernet1/0/42
48:7A:55:1F:30:49 10.4.1.59 3566 dhcp-snooping 50 GigabitEthernet1/0/10
38:F3:AB:FE:7D:8A 192.168.246.144 601597 dhcp-snooping 246 GigabitEthernet1/0/29
E4:54:E8:50:D5:0A 192.168.246.67 621762 dhcp-snooping 246 GigabitEthernet1/0/4
E4:7F:B2:16:02:B1 192.168.246.12 685463 dhcp-snooping 246 GigabitEthernet1/0/6
00:E0:4C:36:01:E9 192.168.246.134 433348 dhcp-snooping 246 GigabitEthernet1/0/1
48:7A:55:1F:25:D8 10.4.2.239 1810 dhcp-snooping 50 GigabitEthernet1/0/22
00:23:24:D8:EB:CC 192.168.246.25 616316 dhcp-snooping 246 GigabitEthernet1/0/29
50:65:F3:3F:CD:20 192.168.246.36 686970 dhcp-snooping 246 GigabitEthernet1/0/34
54:BF:64:A5:02:20 192.168.246.133 680404 dhcp-snooping 246 GigabitEthernet1/0/17
38:F3:AB:FE:76:B2 192.168.246.143 531384 dhcp-snooping 246 GigabitEthernet1/0/29
54:BF:64:A5:56:85 192.168.246.87 681030 dhcp-snooping 246 GigabitEthernet1/0/16
00:23:24:DA:01:3D 192.168.246.151 604657 dhcp-snooping 246 GigabitEthernet1/0/22
00:4E:01:A0:89:CB 192.168.246.22 515036 dhcp-snooping 246 GigabitEthernet1/0/14
48:7A:55:1F:30:0B 10.4.2.224 1810 dhcp-snooping 50 GigabitEthernet1/0/34
Total number of bindings: 25
S1#
S1#show ip arp inspection statistics vlan 20
Vlan Forwarded Dropped DHCP Drops ACL Drops
---- --------- ------- ---------- ---------
20 115086 76 76 0
Vlan DHCP Permits ACL Permits Probe Permits Source MAC Failures
---- ------------ ----------- ------------- -------------------
20 76 0 0 0
Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data
---- ----------------- ---------------------- ---------------------
20 0 0 0
S1#
S1#
S1#
S1#show ip arp inspection statistics vlan 20
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
20 Enabled Active
Vlan ACL Logging DHCP Logging Probe Logging
---- ----------- ------------ -------------
20 Deny Deny Off
S1#
S1#show ip arp inspection
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Disabled
Vlan Configuration Operation ACL Match Static ACL
---- ------------- --------- --------- ----------
1 Enabled Active
2 Enabled Inactive
3 Enabled Inactive
4 Enabled Inactive
5 Enabled Inactive
6 Enabled Inactive
7 Enabled Inactive
8 Enabled Inactive
9 Enabled Inactive
10 Enabled Inactive
11 Enabled Inactive
12 Enabled Inactive
13 Enabled Inactive
14 Enabled Inactive
15 Enabled Inactive
16 Enabled Inactive
17 Enabled Inactive
18 Enabled Inactive
19 Enabled Inactive
20 Enabled Active
21 Enabled Active
24 Enabled Active
96 Enabled Active
98 Enabled Active
99 Enabled Active
200 Enabled Active
210 Enabled Active
219 Enabled Active
231 Enabled Active
232 Enabled Active
235 Enabled Active
236 Enabled Active
237 Enabled Active
20 Enabled Active
241 Enabled Active
242 Enabled Active
243 Enabled Active
244 Enabled Active
245 Enabled Active
Vlan ACL Logging DHCP Logging Probe Logging
---- ----------- ------------ -------------
1 Deny Deny Off
2 Deny Deny Off
3 Deny Deny Off
4 Deny Deny Off
5 Deny Deny Off
6 Deny Deny Off
7 Deny Deny Off
8 Deny Deny Off
9 Deny Deny Off
10 Deny Deny Off
11 Deny Deny Off
12 Deny Deny Off
13 Deny Deny Off
14 Deny Deny Off
15 Deny Deny Off
16 Deny Deny Off
17 Deny Deny Off
18 Deny Deny Off
19 Deny Deny Off
20 Deny Deny Off
21 Deny Deny Off
24 Deny Deny Off
96 Deny Deny Off
98 Deny Deny Off
99 Deny Deny Off
200 Deny Deny Off
210 Deny Deny Off
219 Deny Deny Off
231 Deny Deny Off
232 Deny Deny Off
235 Deny Deny Off
236 Deny Deny Off
237 Deny Deny Off
20 Deny Deny Off
241 Deny Deny Off
242 Deny Deny Off
243 Deny Deny Off
244 Deny Deny Off
245 Deny Deny Off
Vlan Forwarded Dropped DHCP Drops ACL Drops
---- --------- ------- ---------- ---------
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
4 0 0 0 0
5 0 0 0 0
6 0 0 0 0
7 0 0 0 0
8 0 0 0 0
9 0 0 0 0
10 0 0 0 0
11 0 0 0 0
12 0 0 0 0
13 0 0 0 0
14 0 0 0 0
15 0 0 0 0
16 0 0 0 0
17 0 0 0 0
18 0 0 0 0
19 0 0 0 0
20 0 0 0 0
21 0 0 0 0
24 571187 0 0 0
96 1972445 0 0 0
98 50118 0 0 0
99 1100204 0 0 0
200 42437 0 0 0
210 0 0 0 0
219 66629 25 25 0
231 18548 0 0 0
232 17068 0 0 0
235 29163 0 0 0
236 304770 0 0 0
237 56382 0 0 0
20 115088 76 76 0
241 183787 0 0 0
242 66436 0 0 0
243 30331 0 0 0
244 350567 0 0 0
245 53708 0 0 0
Vlan DHCP Permits ACL Permits Probe Permits Source MAC Failures
---- ------------ ----------- ------------- -------------------
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
4 0 0 0 0
5 0 0 0 0
6 0 0 0 0
7 0 0 0 0
8 0 0 0 0
9 0 0 0 0
10 0 0 0 0
11 0 0 0 0
12 0 0 0 0
13 0 0 0 0
14 0 0 0 0
15 0 0 0 0
16 0 0 0 0
17 0 0 0 0
18 0 0 0 0
19 0 0 0 0
20 0 0 0 0
21 0 0 0 0
24 0 0 0 0
96 0 0 0 0
98 0 0 0 0
99 0 0 0 0
200 0 0 0 0
210 0 0 0 0
219 0 0 3 0
231 0 0 0 0
232 0 0 0 0
235 0 0 0 0
236 0 0 0 0
237 0 0 0 0
20 76 0 0 0
241 0 0 0 0
242 0 0 0 0
243 0 0 0 0
244 0 0 0 0
245 0 0 0 0
Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data
---- ----------------- ---------------------- ---------------------
1 0 0 0
2 0 0 0
3 0 0 0
4 0 0 0
5 0 0 0
6 0 0 0
7 0 0 0
8 0 0 0
9 0 0 0
10 0 0 0
11 0 0 0
12 0 0 0
13 0 0 0
14 0 0 0
15 0 0 0
16 0 0 0
17 0 0 0
18 0 0 0
19 0 0 0
20 0 0 0
21 0 0 0
24 0 0 0
96 0 0 0
98 0 0 0
99 0 0 0
200 0 0 0
210 0 0 0
219 0 0 0
231 0 0 0
232 0 0 0
235 0 0 0
236 0 0 0
237 0 0 0
20 0 0 0
241 0 0 0
242 0 0 0
243 0 0 0
244 0 0 0
245 0 0 0
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#show ip arp inspection interfaces
Interface Trust State Rate (pps) Burst Interval
--------------- ----------- ---------- --------------
Gi1/0/1 Untrusted 100 1
Gi1/0/2 Untrusted 100 1
Gi1/0/3 Untrusted 100 1
Gi1/0/4 Untrusted 100 1
Gi1/0/5 Untrusted 100 1
Gi1/0/6 Untrusted 100 1
Gi1/0/7 Untrusted 100 1
Gi1/0/8 Untrusted 100 1
Gi1/0/9 Untrusted 100 1
Gi1/0/10 Untrusted 100 1
Gi1/0/11 Untrusted 100 1
Gi1/0/12 Untrusted 100 1
Gi1/0/13 Untrusted 100 1
Gi1/0/14 Untrusted 100 1
Gi1/0/15 Untrusted 100 1
Gi1/0/16 Untrusted 100 1
Gi1/0/17 Untrusted 100 1
Gi1/0/18 Untrusted 100 1
Gi1/0/19 Untrusted 100 1
Gi1/0/20 Untrusted 100 1
Gi1/0/21 Untrusted 100 1
Gi1/0/22 Untrusted 100 1
Gi1/0/23 Untrusted 100 1
Gi1/0/24 Untrusted 100 1
Gi1/0/25 Untrusted 100 1
Gi1/0/26 Untrusted 100 1
Gi1/0/27 Untrusted 100 1
Gi1/0/28 Untrusted 100 1
Gi1/0/29 Untrusted 100 1
Gi1/0/30 Untrusted 100 1
Gi1/0/31 Untrusted 100 1
Gi1/0/32 Untrusted 100 1
Gi1/0/33 Untrusted 100 1
Gi1/0/34 Untrusted 100 1
Gi1/0/35 Untrusted 100 1
Gi1/0/36 Untrusted 100 1
Gi1/0/37 Untrusted 100 1
Gi1/0/38 Untrusted 100 1
Gi1/0/39 Untrusted 100 1
Gi1/0/40 Untrusted 100 1
Gi1/0/41 Untrusted 100 1
Gi1/0/42 Untrusted 100 1
Gi1/0/43 Untrusted 100 1
Gi1/0/44 Untrusted 100 1
Gi1/0/45 Untrusted 100 1
Gi1/0/46 Untrusted 100 1
Gi1/0/47 Untrusted 100 1
Gi1/0/48 Untrusted 100 1
Gi1/0/49 Untrusted 15 1
Gi1/0/50 Untrusted 15 1
Te1/0/1 Trusted None N/A
Te1/0/2 Trusted None N/A
Te1/1/1 Untrusted 15 1
Te1/1/2 Untrusted 15 1
Po13 Trusted None N/A
S1#
S1#
S1#
S1#
S1#
S1#
S1#show ip interface status
Port Name Status Vlan Duplex Speed Type
Gi1/0/1 connected 246 a-full a-100 10/100/1000BaseTX
Gi1/0/2 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/3 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/4 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/5 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/6 connected 246 a-full a-100 10/100/1000BaseTX
Gi1/0/7 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/8 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/9 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/10 connected 3050 a-full a-1000 10/100/1000BaseTX
Gi1/0/11 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/12 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/13 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/14 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/15 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/16 connected 246 a-full a-100 10/100/1000BaseTX
Gi1/0/17 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/18 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/19 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/20 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/21 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/22 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/23 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/24 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/25 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/26 connected 246 a-full a-10 10/100/1000BaseTX
Gi1/0/27 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/28 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/29 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/30 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/31 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/32 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/33 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/34 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/35 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/36 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/37 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/38 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/39 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/40 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/41 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/42 connected 246 a-full a-1000 10/100/1000BaseTX
Gi1/0/43 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/44 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/45 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/46 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/47 notconnect 246 auto auto 10/100/1000BaseTX
Gi1/0/48 notconnect 246 auto auto 10/100/1000BaseTX
Te1/0/1 connected trunk full 10G SFP-10GBase-SR
Te1/0/2 notconnect 1 full 10G Not Present
Po13 connected trunk a-full 10G
Fa0 disabled routed auto auto 10/100BaseTX
S1#
S1#
S1#
03-02-2023 03:52 AM
434603 <<- there is a huge difference in lease time??
03-02-2023 04:18 AM
Indeed, the system team wants leases to be 1 week or even more
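The dependency this thread turns on (DAI checks ARP from untrusted ports against the DHCP snooping binding table) can be audited offline; the following is an added example, not code from any poster or from Cisco. It reads a saved running-config and `show ip dhcp snooping binding` output and lists DAI VLANs without snooping and untrusted access ports without a binding; the sample inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the 'show run' layout in this thread.
SAMPLE_CONFIG = """\
ip arp inspection vlan 20,246
ip dhcp snooping vlan 20
ip dhcp snooping
!
interface Port-channel13
 switchport mode trunk
 ip arp inspection trust
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport access vlan 246
 switchport mode access
"""

# Constructed sample of 'show ip dhcp snooping binding' (documentation addresses).
SAMPLE_BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:00:5E:00:53:01   192.0.2.17       434603      dhcp-snooping   20    GigabitEthernet1/0/1
Total number of bindings: 1
"""


def expand_vlans(spec):
    """Turn a VLAN list such as '1-20,246' into {1, ..., 20, 246}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text):
    """Extract the DAI/snooping VLAN lists and per-interface settings."""
    cfg = {"dai": set(), "snoop": set(), "snoop_global": False, "ports": {}}
    port = None
    for raw in text.splitlines():
        line = raw.strip()  # works for indented and flattened configs alike
        if m := re.match(r"interface (\S+)$", line):
            port = cfg["ports"].setdefault(
                m.group(1), {"vlan": None, "dai_trust": False})
        elif m := re.match(r"ip arp inspection vlan (\S+)$", line):
            cfg["dai"] |= expand_vlans(m.group(1))
        elif m := re.match(r"ip dhcp snooping vlan (\S+)$", line):
            cfg["snoop"] |= expand_vlans(m.group(1))
        elif line == "ip dhcp snooping":
            cfg["snoop_global"] = True
        elif port is not None and (
                m := re.match(r"switchport access vlan (\d+)$", line)):
            port["vlan"] = int(m.group(1))
        elif port is not None and line == "ip arp inspection trust":
            port["dai_trust"] = True
    return cfg


def parse_bindings(text):
    """Return the (vlan, interface) pairs that hold a snooping binding."""
    pairs = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and re.fullmatch(
                r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}", f[0], re.I):
            pairs.add((int(f[4]), f[5]))
    return pairs


def audit(config_text, binding_text):
    """List conditions under which DAI drops ARP from legitimate hosts.

    ARP ACLs are not modelled, and a port with no host attached is also
    reported, so treat port findings as candidates to check.
    """
    cfg = parse_config(config_text)
    bound = parse_bindings(binding_text)
    findings = []
    if cfg["dai"] and not cfg["snoop_global"]:
        findings.append("global 'ip dhcp snooping' missing: no bindings are learned")
    for vlan in sorted(cfg["dai"] - cfg["snoop"]):
        findings.append(f"VLAN {vlan}: DAI enabled but DHCP snooping is not")
    for name, p in cfg["ports"].items():
        if p["dai_trust"] or p["vlan"] not in cfg["dai"]:
            continue  # trusted ports and non-DAI VLANs are not inspected
        if (p["vlan"], name) not in bound:
            findings.append(f"{name} (VLAN {p['vlan']}): untrusted, no binding")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_BINDINGS):
        print(finding)
```

A port finding only matters when a host is actually attached, so cross-check it against the interface status output before acting on it.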