Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
4
Helpful
2
Replies

Dynamic ARP Inspection

omar.elmohri
Level 1
Level 1

‎09-22-2008 03:58 AM - edited ‎03-06-2019 01:30 AM

I want to use the DAI, but I'm not using neither DHCP Snooping nor DHCP server.

Can it works without static bindings.

Regards,

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-22-2008 09:08 AM

Hello Omar,

DAI should work also without DHCP snooping you need to define manually the assocations IP addresses / MAC addresses

ip arp inspection filter arp-acl-name

vlan vlan-range [static]

Global command to refer to an ARP ACL that defines static

IP/MAC addresses to be checked by DAI for that VLAN

To permit ARPs from hosts that are configured for static IP when DAI is enabled and to define an ARP access list and apply it to a VLAN, use the ip arp inspection filter vlan command in global configuration mode. To disable this application, use the no form of this command.

ip arp inspection filter arp-acl-name vlan vlan-range [static]

no ip arp inspection filter arp-acl-name vlan vlan-range [static]

then you need to define an arp access-list that allows to specify the associations

Hope to help

Giuseppe

omar.elmohri
Level 1
Level 1
In response to Giuseppe Larosa

‎09-23-2008 02:21 AM

Hello Giuseppe,

Thanks for your reply. I see how to make it static, but what I want to verify is if the database of pairs (IP/MAC) can be formed automaticaly. And you reply says that NO.

Thanks,

Best Regards,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card