Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IP ARP inspection on trunk ports?

Hello,

Should I be trusting ARP on trunk ports?  I have a couple of switches that are trunked and one of the switches it providing DHCP to hosts on both switches, I have IP DHCP snooping already running on both, but isn't trusting ARP on the trunk basically saying I trust all?

I think I just need to know the rules of DHCP snooping and ARP inspection on trunk ports.

Thanks

1 REPLY

Re: IP ARP inspection on trunk ports?

Hi Andy,

since DAI uses the DHCP snooping binding table to check if an ARP packet is valid or not, you'll also need to configure DAI trusting on trunks (no DHCP snooping bindings on trusted interfaces).

From the c2960 12.2(55)SE configuration guide:

In a typical network configuration, you configure all switch ports connected to host ports as untrusted and configure all switch ports connected to switches as trusted.

HTH

Rolf

151
Views
0
Helpful
1
Replies
CreatePlease to create content