DHCP snooping and arp trust

Unanswered Question
Nov 3rd, 2010
User Badges:

Hi,

We have enabled DHCP snooping on particular VLAN. Does this automatically enables ARP inspection also? As if we are trying to connect one device with Static IP address and  it is not able to communicate. ( unfortunately device can not be configured as DHCP client).


output of shown below;


#sh ip arp inspection vlan 100

Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled


Destination Mac Validation : Disabled
IP Address Validation      : Disabled

Vlan     Configuration    Operation   ACL Match          Static ACL
----     -------------    ---------   ---------          ----------
  100     Disabled         Inactive

Vlan     ACL Logging      DHCP Logging      Probe Logging
----     -----------      ------------      -------------
  100     Deny             Deny              Off


OR  DO we need to particularly configure the interface where we plan to connect the Static IP device so that the ARP request made by this device are not rejected?



Please share the experience.


Thanks

Subodh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lgijssel Wed, 11/03/2010 - 06:54
User Badges:
  • Red, 2250 points or more

DHCP snooping does not affect arp trust settings.


The cause of your problem is likely somewhere else.

Can you reach the default gateway?

Are you sure the device is placed in the correct vlan?

Chad Peterson Wed, 11/03/2010 - 11:41
User Badges:
  • Cisco Employee,


DHCP snooping does not enable DAI.  If you do want to use DAI and have a device with static IP, you will either need to tell DAI to trust that port, or to put in a static binding for it.

Actions

This Discussion