What does sh ip arp inspection interfaces and sh ip arp inspection log say?
On Fri, Jan 27, 2012 at 11:05 PM, Ben Hughes <bhughes_at_imc.net.au> wrote:
> Hi guys,
>
> Can anyone help me with where I'm going wrong regarding DAI? I have the
> following setup:
>
> R1 <-> Cat2 <-> Cat1 <-> R2
>
> R1 is a DHCP server and R2 is a DHCP client.
>
> I have configured the following on both switches:
>
> ip dhcp snoop vlan 12
> no ip dhcp snooping information option
> ip dhcp snooping database flash:dhcpsnoo
> ip dhcp snoop
> ip arp insp vlan 12
> ip arp insp validate src-mac dest-mac ip
>
> R1's port and interswitch trunks on Cat1 have
> ip dhcp snoop trust
>
> On Cat2 I have the following for R1:
> arp access-list VL12
> permit ip host <R1IP> mac host <R1mac> log
> ip arp inspection filter VL12 vlan 12
>
> I can't work out why ARP is still not working. R2 gets an address fine.
> If I disable ARP inspection on Cat1 everything starts to work. Given that
> the interswitch trunks have "ip arp inspect trust" and Cat1 has a DHCP
> snoop binding for R2 I can't see why this doesn t work.
>
> Anyone got any ideas for me?
>
> cheers,
> Ben.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Dennis Worth Blogs and organic groups at http://www.ccie.netReceived on Sat Jan 28 2012 - 07:31:33 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:52 ART