Hello Ben
Can you try change the mac-address to 'any' in the following command?
*
permit ip host <R1IP> mac host any
*
Also what counter is incrementing in the following command for the ARP
packets?
*
show ip arp inspection statistics vlan 12
*
Is ARP not functional on both routers?
Regards
Farrukh
On Sat, Jan 28, 2012 at 10:05 AM, Ben Hughes <bhughes_at_imc.net.au> wrote:
> Hi guys,
>
> Can anyone help me with where I'm going wrong regarding DAI? I have the
> following setup:
>
> R1 <-> Cat2 <-> Cat1 <-> R2
>
> R1 is a DHCP server and R2 is a DHCP client.
>
> I have configured the following on both switches:
>
> ip dhcp snoop vlan 12
> no ip dhcp snooping information option
> ip dhcp snooping database flash:dhcpsnoo
> ip dhcp snoop
> ip arp insp vlan 12
> ip arp insp validate src-mac dest-mac ip
>
> R1's port and interswitch trunks on Cat1 have
> ip dhcp snoop trust
>
> On Cat2 I have the following for R1:
> arp access-list VL12
> permit ip host <R1IP> mac host <R1mac> log
> ip arp inspection filter VL12 vlan 12
>
> I can't work out why ARP is still not working. R2 gets an address fine.
> If I disable ARP inspection on Cat1 everything starts to work. Given that
> the interswitch trunks have "ip arp inspect trust" and Cat1 has a DHCP
> snoop binding for R2 I can't see why this doesn t work.
>
> Anyone got any ideas for me?
>
> cheers,
> Ben.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Jan 29 2012 - 10:02:32 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:52 ART