Dynamic ARP Inspection Configuration
520
G8264 Command Reference for ENOS 8.4
Dynamic ARP Inspection (DAI) is a security feature that enables the device to
intercept and examine all ARP request and response packets in a subnet and
discard those packets with invalid IP to MAC address bindings.
DAI uses information gathered by DHCP Snooping to validate ARP information
that travels through ports marked as being not trusted.
Table 270.
Dynamic ARP Inspection Configuration Options
Command Syntax and Usage
[no] ip arp inspection vlan <VLAN ID (1‐4094)>
Enables or disables DAI on the selected VLANs.
Command mode: Global configuration
[no] ip arp inspection trust
Configures the current port to be a DAI trusted port. On a DAI trusted port, all
ARP packets skip the security check.
The default settings is untrusted.
Note: Configuring trusted interfaces as being untrusted can result in a loss of
connectivity.
Command mode: Interface port
[no] logging log arpinspection
Enables or disables logging for DAI.
The default setting is enabled.
Command mode: Global configuration
show ip arp inspection
Displays the current DAI configuration settings. For mode details, see page
Command mode: All
97.