Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

arp-inspection

 

Syntax

Hierarchy Level

  • For platforms with ELS:

  • For platforms without ELS:

Release Information

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Hierarchy level [edit vlans vlan-name forwarding-options dhcp-security] introduced in Junos OS Release 13.2X50-D10. (See Using the Enhanced Layer 2 Software CLI for information about ELS.)

Statement introduced in Junos OS Release 13.2 for the QFX series.

Description

Perform dynamic ARP inspection (DAI) on all VLANs or on the specified VLAN.

When DAI is enabled, the switch logs invalid ARP packets that it receives on each interface, along with the sender’s IP and MAC addresses. ARP probe packets, which have the sender IP address 0.0.0.0, are validated by DAI.

Note

If you configure DAI at the [edit vlans vlan-name forwarding-options dhcp-security] hierarchy level:

  • DAI can be configured only for a specific VLAN, not for a list or a range of VLAN IDs.

  • DHCP snooping is automatically enabled on the specified VLAN.

  • The forwarding-class statement is not available at the [edit vlans vlan-name forwarding-options dhcp-security] hierarchy level.

See Enabling Dynamic ARP Inspection (ELS) for more information about this configuration.

Note

On EX9200 switches, DAI is not supported in an MC-LAG scenario.

The remaining statement is explained separately.

Default

Disabled.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.