A network administrator found that the IP device tracking table on a switch is not getting updated when the client has a static IP address, but if the address is from DHCP, the table is getting updated.
Which description of the cause of this issue is true?
A. The switch code must be upgraded.
B. IP device tracking is not configured properly.
C. ARP inspection is on and there is no ARP ACL for static clients.
D. IP device tracking does not work with statically assigned IP addresses.
Passed 300-208. Not all answers here are correct and many new questions on the test!
Passed 300-208. Not all answers here are correct and not many new questions!
Comment from joe blow is not directly intended for ip device tracking. It comes from https://community.cisco.com/t5/switching/applying-arp-acls-for-dai-filtering/td-p/2563689
For more, see
https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/118630-technote-ipdt-00.html
https://community.cisco.com/t5/switching/applying-arp-acls-for-dai-filtering/td-p/2563689
ARP inspection is a feature that validates MAC/IP-address pairs. So, the pairing should be maintained somehow and the best way is to use DHCP snooping.
If DHCP snooping is not an option, you should configure an ARP ACL.
DAI can be used either with the DHCP snooping D/B or without it.
You don't have DHCP or snooping active, so the way to do this is manually creating a DAI listing.
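arp access-list DAI
 permit ip host 192.168.1.1 mac host 0000.0000.1111
 permit ip host 192.168.1.2 mac host 0000.0000.2222
 permit ip host 192.168.1.3 mac host 0000.0000.3333
 ! etc. (one permit entry per static host)
! Apply the ARP ACL to VLAN 10; "static" drops ACL misses without consulting DHCP snooping bindings
ip arp inspection filter DAI vlan 10 static
! Clear existing bindings and turn DHCP snooping off
clear ip dhcp snoop binding *
no ip dhcp snooping
no ip dhcp snooping vlan 10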
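
The following is an added example, not part of the original posts or of Cisco's code: a simplified Python model of how DAI decides on an ARP packet from an untrusted port, showing why a statically addressed client is dropped when no ARP ACL covers it. The snooping binding, the function names and the verdict strings are assumptions made for illustration, and only `host`/`host` ACL entries like those above are modelled.

```python
import re

# Constructed sample data: the ARP ACL entries shown on the page, plus one
# hypothetical DHCP snooping binding (IP -> MAC) for a DHCP client.
ACL_TEXT = """\
arp access-list DAI
 permit ip host 192.168.1.1 mac host 0000.0000.1111
 permit ip host 192.168.1.2 mac host 0000.0000.2222
 permit ip host 192.168.1.3 mac host 0000.0000.3333
"""
SNOOPING = {"192.168.1.50": "0000.0000.5050"}

def norm_mac(mac):
    """Normalise any common MAC notation to Cisco dotted form (xxxx.xxxx.xxxx)."""
    h = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(h) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def parse_arp_acl(text):
    """Return ordered (action, ip, mac) tuples for 'ip host .. mac host ..' entries."""
    pat = re.compile(r"^\s*(permit|deny)\s+ip\s+host\s+(\S+)\s+mac\s+host\s+(\S+)\s*$")
    return [(m.group(1), m.group(2), norm_mac(m.group(3)))
            for m in map(pat.match, text.splitlines()) if m]

def dai_verdict(ip, mac, acl, snooping, static=False):
    """ARP ACL is checked first; on a miss, bindings are consulted unless static."""
    mac = norm_mac(mac)
    for action, a_ip, a_mac in acl:
        if (a_ip, a_mac) == (ip, mac):
            return "permit (ARP ACL)" if action == "permit" else "drop (ARP ACL deny)"
    if static:
        return "drop (implicit deny, static)"  # bindings are never checked
    if snooping.get(ip) == mac:
        return "permit (DHCP snooping binding)"
    return "drop (no binding)"

if __name__ == "__main__":
    acl = parse_arp_acl(ACL_TEXT)
    # Static client, no ARP ACL configured: nothing vouches for the pair.
    print(dai_verdict("192.168.1.1", "00:00:00:00:11:11", [], SNOOPING))
    # Same client once the ARP ACL is applied.
    print(dai_verdict("192.168.1.1", "00:00:00:00:11:11", acl, SNOOPING))
    # DHCP client: permitted via its binding, unless the filter is "static".
    print(dai_verdict("192.168.1.50", "0000.0000.5050", acl, SNOOPING))
    print(dai_verdict("192.168.1.50", "0000.0000.5050", acl, SNOOPING, static=True))
```

With the `static` keyword every host in the VLAN needs an ARP ACL entry, including DHCP clients that a snooping binding would otherwise cover.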