DAI Configuration Samples
To clear or display DAI statistics, use the privileged EXEC commands in
Table 38-3 Commands for Clearing or Displaying DAI Statistics
Command
clear ip arp inspection statistics
show ip arp inspection statistics [vlan
vlan_range]
For the show ip arp inspection statistics command, the router increments the number of forwarded
packets for each ARP request and response packet on a trusted DAI port. The router increments the
number of ACL-permitted or DHCP-permitted packets for each packet that is denied by source MAC,
destination MAC, or IP validation checks, and the router increments the appropriate failure count.
To clear or display DAI logging information, use the privileged EXEC commands in
Table 38-4 Commands for Clearing or Displaying DAI Logging Information
Command
clear ip arp inspection log
show ip arp inspection log
DAI Configuration Samples
This section includes these samples:
•
•
Sample One: Two Switches Support DAI
This procedure shows how to configure DAI when two routers support this feature. Host 1 is connected
to Router A, and Host 2 is connected to Router B as shown in
are running DAI on VLAN 1 where the hosts are located. A DHCP server is connected to Router A. Both
hosts acquire their IP addresses from the same DHCP server. Router A has the bindings for Host 1 and
Host 2, and Router B has the binding for Host 2. Router A Fast Ethernet port 6/3 is connected to the
Router B Fast Ethernet port 3/3.
Note
•
•
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
38-16
Sample One: Two Switches Support DAI, page 38-16
Sample Two: One Switch Supports DAI, page 38-21
DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address
bindings in incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to
permit ARP packets that have dynamically assigned IP addresses. For configuration information, see
Chapter 37, "Configuring DHCP Snooping."
This configuration does not work if the DHCP server is moved from Router A to a different location.
Chapter 38
Description
Clears DAI statistics.
Displays statistics for forwarded, dropped, MAC
validation failure, IP validation failure, ACL
permitted and denied, and DHCP permitted and
denied packets for the specified VLAN. If no
VLANs are specified or if a range is specified,
displays information only for VLANs with DAI
enabled (active).
Description
Clears the DAI log buffer.
Displays the configuration and contents of the DAI log buffer.
Figure 38-2 on page
Configuring Dynamic ARP Inspection
Table
38-3.
Table
38-4:
38-4. Both routers
OL-4266-08