Kings, Two ways you can do it:
1: SW1(config-arp-nacl)ip access-list ext TEST SW1(config-arp-nacl)#permit ip host 192.168.1.1 mac host 0000.0000.0001 SW1(config-arp-nacl)#exit SW1(config)#ip arp inspection filter TEST vlan 50 2: SW1(config)#ip arp inspection filter ARP-TEST vlan 50 static The first will fallback to the DHCP binding database. The Second will not. Is this what you are doing? Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Mar 31, 2010, at 1:56 AM, Kingsley Charles wrote: > Hi all > > DAI validates the ARP packets using ip dhcp snooping. In Non-DHCP, > environments, we need to use ARP access-lists. > > Isn't it possible to use manual DHCP snooping binding instead of ARP > access-lists? > > We can create a manual snooping binding with the following command: > > "ip dhcp snooping binding" > > But the ARP inspection doesn't seem to work with manual binding. > > Any thoughts/experiences is this regard? > > > > > > With regards > Kings > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
