Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring Dynamic ARP Inspection

| Parameters | Default |
|---|---|
| Interface trust state | All interfaces are untrusted. |
| Validation checks | No checks are performed. |
| Log buffer | When DAI is enabled, all denied or dropped ARP packets are logged. The number of entries in the log is 32. The number of system messages is limited to 5 per second. The logging-rate interval is 1 second. |
| Per-VLAN logging | All denied or dropped ARP packets are logged. |

Configuring DAI

Enabling or Disabling DAI on VLANs

You can enable or disable DAI on VLANs. By default, DAI is disabled on all VLANs.

Before you begin

Make sure that the DHCP feature is enabled.
Make sure that the VLANs on which you want to enable DAI are configured.
Make sure that the ACL TCAM region size for DAI (arp-ether) is configured.

SUMMARY STEPS

1. configure terminal
2. [no] ip arp inspection vlan vlan-list
3. (Optional) show ip arp inspection vlan vlan-id
4. (Optional) copy running-config startup-config

DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 2
Command or Action: [no] ip arp inspection vlan vlan-list
Example:
switch(config)# ip arp inspection vlan 13
Purpose: Enables DAI for the specified list of VLANs. The no option disables DAI for the specified VLANs.
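An offline audit of a saved running-config against the prerequisites and the enable step above, given here as an added example that is not part of the Cisco guide. The `feature dhcp`, `vlan <list>` and `hardware access-list tcam region arp-ether <size>` line forms are assumptions about how the running-config renders these settings, and the sample config is constructed.

```python
import re

def expand_vlan_list(spec):
    """Expand an NX-OS vlan-list such as '10-12,13' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def audit_dai(running_config, required_vlans):
    """Return a list of findings; an empty list means every check passed."""
    configured, dai = set(), set()
    dhcp = tcam = False
    for raw in running_config.splitlines():
        line = raw.strip()
        if line == "feature dhcp":                      # assumed config form
            dhcp = True
        elif re.match(r"hardware access-list tcam region arp-ether \d+", line):
            tcam = True                                 # assumed config form
        elif m := re.fullmatch(r"vlan ([\d,\- ]+)", line):
            configured |= expand_vlan_list(m.group(1))
        elif m := re.fullmatch(r"ip arp inspection vlan ([\d,\- ]+)", line):
            dai |= expand_vlan_list(m.group(1))         # command from step 2
    findings = []
    if not dhcp:
        findings.append("DHCP feature is not enabled")
    if not tcam:
        findings.append("arp-ether TCAM region is not configured")
    for v in sorted(required_vlans):
        if v not in configured:
            findings.append(f"VLAN {v} is not configured")
        if v not in dai:                                # DAI is off by default
            findings.append(f"DAI is disabled on VLAN {v}")
    return findings

# Constructed sample running-config (not output from a real switch).
SAMPLE = """\
feature dhcp
vlan 1,13-15
ip arp inspection vlan 13
"""

if __name__ == "__main__":
    for finding in audit_dai(SAMPLE, {13, 14, 20}):
        print(finding)
```

Because DAI is disabled on every VLAN by default, any VLAN missing from the `ip arp inspection vlan` lines is reported as unprotected rather than assumed safe.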