Configuring dynamic arp inspection – Dell POWEREDGE M1000E User Manual

Snooping and Inspecting Traffic

823

Configuring Dynamic ARP Inspection

Beginning in Privileged EXEC mode, use the following commands to

configure DAI settings on the switch.

Command

Purpose

configure

Enter global configuration mode.

ip arp inspection vlan

vlan-range [logging]

Enable Dynamic ARP Inspection on a single VLAN or a

range of VLANs. Use the logging keyword to enable

logging of invalid packets.

ip arp inspection

validate {[src-mac] [dst-

mac] [ip]}

Enable additional validation checks like source MAC

address validation, destination MAC address validation, or

IP address validation on the received ARP packets.
Each command overrides the configuration of the

previous command. For example, if a command enables

source MAC address and destination validations and a

second command enables IP address validation only, the

source MAC address and destination MAC address

validations are disabled as a result of the second

command.

• src-mac—For validating the source MAC address of an

ARP packet.

• dst-mac—For validating the destination MAC address of

an ARP packet.

• ip—For validating the IP address of an ARP packet.

arp access-list

acl-name Create an ARP ACL with the specified name (1–31

characters) and enter ARP Access-list Configuration mode

for the ACL.

permit ip host

sender-ip

mac host

sender-mac

Configure a rule for a valid IP address and MAC address

combination used in ARP packet validation.

•

sender-ip — Valid IP address used by a host.

•

sender-mac —Valid MAC address in combination with

the above sender-ip used by a host.

exit

Exit to Global Config mode.