Configuring The Dai Interface Trust State; Applying Arp Acls For Dai Filtering - Cisco 7604 Configuration Manual
Ios software configuration guide
Hide thumbs
Also See for 7604:
- Configuration manual (742 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring DAI
Vlan
----
10
11
12
15
Configuring the DAI Interface Trust State
The router forwards ARP packets that it receives on a trusted interface, but does not check them.
On untrusted interfaces, the router intercepts all ARP requests and responses. It verifies that the
intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before
forwarding the packet to the appropriate destination. The router drops invalid packets and logs them in
the log buffer according to the logging configuration specified with the ip arp inspection vlan logging
global configuration command. For more information, see the
page
To configure the DAI interface trust state, perform this task:
Command
Step 1
Router# configure terminal
Step 2
Router(config)# interface { type
port-channel number }
Step 3
Router(config-if)# ip arp inspection trust
Router(config)# no ip arp inspection trust
Step 4
Router(config-if)# do show ip arp inspection
interfaces
1.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to configure Fast Ethernet port 5/12 as trusted:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# interface fastethernet 5/12
Router(config-if)# ip arp inspection trust
Router(config-if)# do show ip arp inspection interfaces | include Int|--|5/12
Interface
---------------
Fa5/12
Applying ARP ACLs for DAI Filtering
Note
See the Cisco IOS Master Command List, Release 12.2SX, for information about the arp access-list
command.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
38-8
ACL Logging
DHCP Logging
-----------
------------
Deny
Deny
Deny
Deny
Deny
Deny
Deny
Deny
38-13.
1
slot/port |
Trust State
-----------
Trusted
Chapter 38
"Configuring DAI Logging" section on
Purpose
Enters global configuration mode.
Specifies the interface connected to another router, and
enter interface configuration mode.
Configures the connection between routers as trusted
(default: untrusted).
Configures the connection between routers as untrusted.
Verifies the DAI configuration.
End with CNTL/Z.
Rate (pps)
Burst Interval
----------
--------------
None
Configuring Dynamic ARP Inspection
N/A
OL-4266-08
- Quick Links:
- Supported Hardware and Software
Hide quick links:
Advertisement
Chapters
Table of Contents
