Hi Brandon You have answered to my another mail thread with the subject "ARP access-list with static". Thx
My question In Non-DHCP environments, ip dhcp snooping won't work. Hence we need to add the static IP address/MAC mappings using the arp access-lists for arp inspection. We can also add static mappings using "ip dhcp snooping binding". But arp inspection is not working with static mappings using "ip dhcp snooping binding". With regards Kings On Wed, Mar 31, 2010 at 8:44 PM, Brandon Carroll <[email protected]>wrote: > Kings, > > Two ways you can do it: > > 1: > > SW1(config-arp-nacl)ip access-list ext TEST > > SW1(config-arp-nacl)#permit ip host 192.168.1.1 mac host 0000.0000.0001 > > SW1(config-arp-nacl)#exit > SW1(config)#ip arp inspection filter TEST vlan 50 > > > 2: > > SW1(config)#ip arp inspection filter ARP-TEST vlan 50 static > > > The first will fallback to the DHCP binding database. The Second will not. > > Is this what you are doing? > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > On Mar 31, 2010, at 1:56 AM, Kingsley Charles wrote: > > Hi all > > DAI validates the ARP packets using ip dhcp snooping. In Non-DHCP, > environments, we need to use ARP access-lists. > > Isn't it possible to use manual DHCP snooping binding instead of ARP > access-lists? > > We can create a manual snooping binding with the following command: > > "ip dhcp snooping binding" > > But the ARP inspection doesn't seem to work with manual binding. > > Any thoughts/experiences is this regard? > > > > > > With regards > Kings > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
