Showing results for 
Search instead for 
Did you mean: 

IP ARP Inspection in non-DHCP environment


I have implemented "arp inspection" on LAN. We have around thousand users in VLAN 100 (diagram attached) and the reason I have implemented "arp inspection" besides arp spoofing to bound clients/users to not change their ip addresses and machines/mac-addresses.

In ARP INSPECTION ACL I have added clients who are behind the router and bind them against single mac-address. (I hope diagram will help you to understand the scenario).

At my end (in real scenario) ARP ACL performing perfectly for those who are in VLAN 100, but performaing abnormally with those who are behind the router.I have not added those clients in ARP ACL but still those clients are working fine.

My question is, does users (behind the router) must be required to added in ARP ACL? In my lab it blocked all the traffic of those clients who are behind the router until I need to added them in ARP ACL.

I am using 3550 with "c3550-ipservicesk9-mz.122-25.SEB4.bin".

Please feel free to ask if you have any query

Many thanks in advance.

Best Regards,



Please reply.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: