Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1626
Views
0
Helpful
1
Replies

IP ARP inspection on trunk ports?

Andy White
Level 3
Level 3

‎10-14-2013 08:46 AM - edited ‎03-07-2019 04:01 PM

Hello,

Should I be trusting ARP on trunk ports?  I have a couple of switches that are trunked and one of the switches it providing DHCP to hosts on both switches, I have IP DHCP snooping already running on both, but isn't trusting ARP on the trunk basically saying I trust all?

I think I just need to know the rules of DHCP snooping and ARP inspection on trunk ports.

Thanks

Labels:
0 Helpful
1 Reply 1

Rolf Fischer
Level 9
Level 9

‎10-14-2013 11:16 AM

Hi Andy,

since DAI uses the DHCP snooping binding table to check if an ARP packet is valid or not, you'll also need to configure DAI trusting on trunks (no DHCP snooping bindings on trusted interfaces).

From the c2960 12.2(55)SE configuration guide:

In a typical network configuration, you configure all switch ports connected to host ports as untrusted and configure all switch ports connected to switches as trusted.

HTH

Rolf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card