show ip arp inspection

Displays Dynamic ARP Inspection (DAI) information for one or more VLANs.

Syntax

show ip arp inspection [ vlan vlan-range ]

Parameters

vlan vlan-range
Specifies a VLAN, multiple VLANs (separated by commas with no spaces), a range of VLANs, or a combination of specified VLANs and ranges of VLANs. Valid values are from 1 through 4090.

Modes

Privileged EXEC mode

Output

The show ip arp inspection command displays the following information:

Output field Description
Vlan Displays the VLAN name.
Configuration Displays "Enabled" (ip arp inspection) or "Disabled" (no ip arp inspection).
Operation

Displays "Active" if ARP configuration is successfully saved to the database.

"Inactive" indicates one of the following conditions:
  • The "Configuration" value is "Disabled".
  • There is an internal issue that prevents successful application of ACLs.
ACL Match Displays the name of the ARP ACL that is applied.

Examples

The following example displays DAI information for all VLANs. 

device# show ip arp inspection 
  Vlan  Configuraton     Operation     ACL Match 
-------------------------------------------------
     1       Enabled        Active               
    10      Disabled      Inactive               
   100       Enabled        Active          acl1 
  1000       Enabled        Active               
    20      Disabled      Inactive               
   200      Disabled      Inactive               
  2000       Enabled        Active          acl1

The following example displays DAI information for specified VLANs and a range of VLANs. 

device# show ip arp inspection vlan 1,100,200-2000
  Vlan  Configuraton     Operation     ACL Match  
--------------------------------------------------
     1       Enabled        Active               
   100       Enabled        Active          acl1 
  1000       Enabled        Active               
   200      Disabled      Inactive               
  2000       Enabled        Active          acl1
9036689-01 Rev AA