arp-inspection
Syntax
arp-inspection {
forwarding-class class-name;
}
Hierarchy Level
For platforms with ELS:
[edit vlans vlan-name forwarding-options dhcp-security], [edit forwarding-options dhcp-relay ]
For platforms without ELS:
[edit ethernet-switching-options secure-access-port vlan (all | vlan-name)], [edit forwarding-options dhcp-relay ]
Description
Perform dynamic ARP inspection (DAI) on all VLANs or on the specified VLAN.
When DAI is enabled, the switch logs invalid ARP packets that it receives on each interface, along with the sender’s IP and MAC addresses. ARP probe packets, which have the sender IP address 0.0.0.0, are validated by DAI.
If you configure DAI at the [edit vlans vlan-name forwarding-options
dhcp-security] hierarchy level:
DAI can be configured only for a specific VLAN, not for a list or a range of VLAN IDs.
DHCP snooping is automatically enabled on the specified VLAN.
The
forwarding-classstatement is not available at the[edit vlans vlan-name forwarding-options dhcp-security]hierarchy level.
See Enabling Dynamic ARP Inspection (ELS) for more information about this configuration.
On EX9200 switches, DAI is not supported in an MC-LAG scenario.
The remaining statement is explained separately.
Default
Disabled.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
Hierarchy level [edit vlans vlan-name forwarding-options dhcp-security]
introduced in Junos OS Release 13.2X50-D10. (See Using the Enhanced Layer
2 Software CLI for information about ELS.)