Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dynamic ARP inspection

Hi ALl,

I have configured dhcp snooping on the lab and it worked as expected. Now, I am trying to configure Dynamic ARP inspection and I had an understanding that I need to create an ACL for all static ip addresses I have in order for that to work correctly.

However, in the lab setting, I have couple of machines with static IPs and I have not configured any ACL. So, the dhcp snooping table does not have any entry. But still, the static ip machines do not have any problem communicating.

Now, I am really confused about how does it verify if the ARP requests and responses are valid without the entry being there on the IP-to-MAC address binding table?



Re: Dynamic ARP inspection

check out the following link on Dynamic ARP Inspection, hope this helps :


Re: Dynamic ARP inspection

Yes the MAC address to IP address bindings should be in the DHCP snooping binding database or the static IPs needs to be allowed using ARP ACL for dynamic ARP inspection to work.

Now in your lab did you have the static IP assigned machines on the same switch where ARP inspection was enabled or on a different switch with no ARP inspection? Also did the switch ports with static IP have "ip arp inspection trust" configured on them?

CreatePlease login to create content