Users Guide
DAI violation logging
You can configure the system to log DAI validation failures corresponding to ARP packets. DAI violations are logged at the
console if it is enabled. DAI violation logging is disabled by default.
If you configure an interface as trusted, the switch interprets ARP packets that ingress the interface from hosts as legitimate
packets. By default, all interfaces are in DAI untrusted state.
For DAI to work, enable the DHCP snooping feature on the switch. DAI is disabled by default.
DAI statistics
The system maintains DAI statistics that contain the following details:
● Valid ARP requests
● Invalid ARP requests
● Valid ARP replies
● Invalid ARP replies
You can clear the DAI statistics using the clear ip arp inspection statistics command.
DAI trusted interfaces
By default, all ports are untrusted and all packets go through the DAI validation process on all DAI-enabled VLANs. You can
configure an interface to bypass ARP inspection by configuring the interface as trusted.
NOTE: Dell EMC Networking recommends configuring the arp inspection-trust command on the DHCP snooping
trusted interfaces when DAI is enabled for a VLAN.
Restrictions for Dynamic ARP Inspection
● Dynamic ARP Inspection with VxLAN bridges is not supported.
● Maximum number of recommended Dynamic ARP Inspection entries is 2000.
Enable Dynamic ARP Inspection
● Enable DHCP snooping. For more information about configuring DHCP snooping, see DHCP snooping.
● Enable Dynamic ARP Inspection on a VLAN in INTERFACE VLAN mode.
arp inspection
Enable Dynamic ARP Inspection violation logging
● Use the following command in CONFIGURATION mode:
arp inspection violation logging
Bypass Dynamic ARP Inspection on an interface
● Use the following command in INTERFACE mode:
arp inspection-trust
Clear DAI statistics
● Clear DAI statistics in EXEC mode.
clear ip arp inspection statistics [vlan vlan-name]
View DAI database
● View DAI database in EXEC mode
show ip arp inspection database [vlan vlan-name]
Use the vlan option to view DAI database for a specific VLAN.
Example for viewing DAI database
OS10# show ip arp inspection database
Number of entries : 828
312
System management