Dynamic ARP Inspection

Question 1

DAI rate limiting is enabled on untrusted ports with a rate of […] by default.

Answer 1

15 packets per second

Question 2

DAI rate limiting is enabled on […] ports by default.

Answer 2

untrusted

Question 3

Does DAI inspect messages received on trusted ports?

Answer 3

No

Question 4

DAI inspects ARP messages received on […] ports.

Answer 4

untrusted

Question 5

DAI checks ARP messages’ sender MAC and sender IP fields against the […] and […].

Answer 5

DHCP snooping binding table / ARP ACLs

Question 6

DAI checks ARP messages’ […] and […] fields against the DHCP snooping binding table and ARP ACLs.

Answer 6

sender MAC / sender IP

Question 7

DAI: All ports are [trusted/untrusted] by default.

Answer 7

untrusted

Question 8

Show a summary of DAI interfaces:
SW1# […]

Answer 8

show ip arp inspection interfaces

Question 9

Show a summary of DAI configuration and statistics:
SW1# […]

Answer 9

show ip arp inspection

Question 10

Apply an ARP ACL to DAI:
SW1(config)# […]

Answer 10

ip arp inspection filter arp-acl-name vlan vlan

Question 11

Configure an ARP ACL entry mapping an IP address to a MAC address (permit)
SW1(config-arp-nacl)# […]

Answer 11

permit ip host ip-address mac host mac-address

Question 12

Create an ARP ACL:
SW1(config)# […]

Answer 12

arp access-list name

Question 13

Configure DAI rate limiting:
SW1(config-if)# […]

Answer 13

ip arp inspection limit rate packets [burst interval seconds]

Question 14

Configure a DAI trusted interface:
SW1(config-if)# […]

Answer 14

ip arp inspection trust

Question 15

Enable additional DAI validation checks:
SW1(config)# […]

Answer 15

ip arp inspection validate (src-mac | dst-mac | ip)

Question 16

Enable err-disable recovery for DAI rate limiting:
SW1(config)# […]

Answer 16

errdisable recovery cause arp-inspection

Question 17

Enable DAI for a VLAN:
SW1(config)# […]

Answer 17

ip arp inspection vlan vlan