hi DANIEL
ip arp inspection relies on the entries in the DHCP snooping binding database to
verify IP-to-MAC address bindings. Configure each secure interface as trusted using the
ip arp inspection trust interface configuration command. The trusted interfaces bypass
the ARP inspection validation checks, and all other packets are subject to inspection when
they arrive on untrusted interfaces.
In non-DHCP environments, because there is no DHCP snooping binding database, the
DAI can validate ARP packets against a user-defined ARP ACL to map hosts with a
statically configured IP address to their MAC address, so this one aplly on ur case !!
Use the arp access-list [acl-name] command from the global configuration mode on
the switch to define an ARP ACL and apply the ARP ACL to the specified VLANs on the
switch
have a look at the following example, which configure an ARP ACL to permit ARP packets from host IP
address 10.1.1.11 with MAC address 0011.0011.0011 and how to apply this ACL to VLAN 5
with the interface configured as untrusted
Switch(config)# arp access-list arpacl
Switch(config-arp-acl)# permit ip host 10.1.1.11 mac host 0011.0011.0011
Switch(config-arp-acl)# exit
Switch(config)# ip arp inspection filter arpacl vlan 5
Switch(config)# interface GigabitEthernet1/0/2
Switch(config-if)# no ip arp inspection trust
i think this will solve ur issue :)
good luck
if helpful Rate