Dynamic ARP Inspection

Unanswered Question
Sep 22nd, 2008

I want to use the DAI, but I'm not using neither DHCP Snooping nor DHCP server.

Can it works without static bindings.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Giuseppe Larosa Mon, 09/22/2008 - 09:08

Hello Omar,

DAI should work also without DHCP snooping you need to define manually the assocations IP addresses / MAC addresses

ip arp inspection filter arp-acl-name

vlan vlan-range [static]

Global command to refer to an ARP ACL that defines static

IP/MAC addresses to be checked by DAI for that VLAN

To permit ARPs from hosts that are configured for static IP when DAI is enabled and to define an ARP access list and apply it to a VLAN, use the ip arp inspection filter vlan command in global configuration mode. To disable this application, use the no form of this command.

ip arp inspection filter arp-acl-name vlan vlan-range [static]

no ip arp inspection filter arp-acl-name vlan vlan-range [static]

then you need to define an arp access-list that allows to specify the associations

Hope to help


omar.elmohri Tue, 09/23/2008 - 02:21

Hello Giuseppe,

Thanks for your reply. I see how to make it static, but what I want to verify is if the database of pairs (IP/MAC) can be formed automaticaly. And you reply says that NO.


Best Regards,


This Discussion