Dynamic ARP Inspection (DAI)

Dynamic ARP Inspection (DAI)

Dynamic ARP Inspection (DAI) has following characteristics

– Enable DHCP shooping first
– Create ARP ACL for static IPs
– By default all ports are untrusted when feature is enabled
– 15 PPS rate-limit for untrusted ports by default

ip arp inspection vlan 13
interface GigabitEthernet1/0/33
ip arp inspection trust
interface GigabitEthernet1/0/34
ip arp inspection limit 10

arp access-list TEST-ARP-ACL
permit ip host 10.10.10.10 mac AAAA.BBBB.CCCC 0.0.0
ip arp inspection filter TEST-ARP-ACL vlan 13

errdisable recovery cause arp-inspection
errdisable recovery interval 30

ip arp inspection validate src-mac dst-mac ip

show arp access-list
show ip arp inspection vlan 13
show ip arp inspection statistics vlan 13
show interface status err-disabled
Comments are closed.