1004 BigIron RX Series Configuration Guide53-1002253-01Dynamic ARP inspection35 Configuring an inspection ARP entryStatic ARP and static inspection ARP entries need to be configured for hosts on untrusted ports.Otherwise, when DAI checks ARP packets from these hosts against entries in the ARP table, it willnot find any entries for them, and the Brocade device will not allow and learn ARP from anuntrusted host.When the inspection ARP entry is resolved with the correct IP/MAC mapping, its status changesfrom pending to valid.To configure an inspection ARP entry, enter commands such as the following.BigIron RX(config)#arp 20.20.20.12 0001.0002.0003 inspectionThe commands defines an inspection ARP entry, mapping a device’s IP address 20.20.20.12 withits MAC address 0001.0002.0003.Syntax: [no] arp <index> <ip-addr> <mac-addr> inspectionThe index can be from 1 up to the maximum number of static entries allowed.The <ip-addr> <mac-addr> parameter specifies a device’s IP address and MAC address pairing.Enabling DAI on a VLANDAI is disabled by default. To enable DAI on an existing VLAN, enter the following command.BigIron RX(config)#ip arp inspection vlan 2The command enables DAI on VLAN 2. ARP packets from untrusted ports in VLAN 2 will undergoDAI inspection.Syntax: [no] ip arp inspection vlan <vlan-number>The <vlan-number> variable specifies the ID of a configured VLAN.Enabling trust on a portThe default trust setting for a port is untrusted. For ports that are connected to host ports, leavetheir trust settings as untrusted.To enable trust on a port, enter commands such as the following.BigIron RX(config)#interface ethernet 1/4BigIron RX(config-if-e10000-1/4)#arp inspection trustThe commands change the CLI to the interface configuration level of port 1/4 and set the trustsetting of port 1/4 to trusted.Syntax: [no] arp inspection trustDisplaying ARP inspection status and portsTo display the ARP inspection status for a VLAN and the trusted or untrusted ports in the VLAN,enter the following command.