DAI Configuration Samples
Step 5
Check the statistics before and after DAI processes any packets:
RouterA# show ip arp inspection statistics vlan 1
Vlan
----
1
Vlan
----
1
Vlan
----
1
RouterA#
If Host 1 then sends out two ARP requests with an IP address of 1.1.1.2 and a MAC address of
0002.0002.0002, both requests are permitted, as reflected in the following statistics:
RouterA# show ip arp inspection statistics vlan 1
Vlan
----
1
Vlan
----
1
Vlan
----
1
RouterA#
If Host 1 then tries to send an ARP request with an IP address of 1.1.1.3, the packet is dropped and an
error message is logged:
00:12:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Fa6/4, vlan
1.([0002.0002.0002/1.1.1.3/0000.0000.0000/0.0.0.0/02:42:35 UTC Tue Jul 10 2001])
RouterA# show ip arp inspection statistics vlan 1
RouterA#
The statistics will display as follows:
Vlan
----
1
Vlan
----
1
Vlan
----
1
RouterA#
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
38-18
Forwarded
Dropped
---------
-------
0
DHCP Permits
ACL Permits
------------
-----------
0
Dest MAC Failures
IP Validation Failures
-----------------
----------------------
0
Forwarded
Dropped
---------
-------
2
DHCP Permits
ACL Permits
------------
-----------
2
Dest MAC Failures
IP Validation Failures
-----------------
----------------------
0
Forwarded
Dropped
---------
-------
2
DHCP Permits
ACL Permits
------------
-----------
2
Dest MAC Failures
IP Validation Failures
-----------------
----------------------
0
Chapter 38
DHCP Drops
ACL Drops
----------
----------
0
0
Source MAC Failures
-------------------
0
0
0
DHCP Drops
ACL Drops
----------
----------
0
0
Source MAC Failures
-------------------
0
0
0
DHCP Drops
ACL Drops
----------
----------
2
2
Source MAC Failures
-------------------
0
0
0
Configuring Dynamic ARP Inspection
0
0
0
OL-4266-08