Sunday, August 9, 2020

Dynamic ARP Inspection

 DAI: https://youtu.be/gaUVWh6sSag

- Uses DHCP Snooping table

- Configured using " ip arp inspection vlan 30"

- We can use "ip arp inspect trust" to disable ARP inspection on a particular port

    For Ex. if we have a port connected to a Switch which has a static IP address configured, 

that Switch's IP address/MAC address info will not be captured in DHCP snooping table.

So, any packet coming from that router cannot be checked for ARP inspection. In such cases, it would make sense to configure

such ports as "trusted" using "ip arp inspect trust" to allow traffic from the router without going through ARP inspection.

- Use CLI "show ip arp inspection vlan 30"

No comments:

Post a Comment