© Copyright Lenovo 2016
The DHCP Snooping binding tables will be similar to the following:
Mac Address IP Address Lease(seconds) Type VLAN
Interface
00:00:00:00:00:01 Host1_IP 1000 Dynamic 2 3
00:00:00:00:00:02 Host2_IP 2000 Dynamic 2 2
Total number of bindings: 2
SwitchB#show ip dhcp snooping binding
Mac Address IP Address Lease(seconds) Type VLAN
Interface
00:00:00:00:00:02 Host2_IP 2000 Dynamic 2 3
Total number of bindings: 1
SwitchA# show ip dhcp snooping binding
SwitchA# show ip arp inspection vlan
Vlan
2
SwitchA# show ip arp inspection interfaces
Interface
...
SwitchA# show ip arp inspection statistics
Vlan
2
When Host 1 tries to send an ARP with an IP address of 1.1.1.3 that is not present in
the DHCP Binding table, the packet is dropped and an error message similar to the
following is logged:
"Dec 16 21:00:10 192.168.49.50 NOTICE ARPInspection: Invalid
ARP Request on port 3, VLAN 2
([00:02:00:02:00:02/1.1.1.3/00:00:00:00:00:00/1.1.1.4])"
Output of show commands:
Configuration
Enabled
Trust State
1Trusted
2Trusted
3Untrusted
4Untrusted
ForwardedDropped
100 200
Chapter 24: Dynamic ARP Inspection
409