Monitoring dynamic ARP protection
When dynamic ARP protection is enabled, you can monitor and troubleshoot the validation of ARP packets with the
debug arp-protect command. Use this command when you want to debug the following conditions:
-
The switch is dropping valid ARP packets that should be allowed.
-
The switch is allowing invalid ARP packets that should be dropped.
Output for the debug arp-protect command
switch(config)# debug arp-protect 1. ARP request is valid "DARPP: Allow ARP request 000000-000001,10.0.0.1 for 10.0.0.2 port 1, vlan " 2. ARP request detected with an invalid binding "DARPP: Deny ARP request 000000-000003,10.0.0.1 port 1, vlan 1" 3. ARP response with a valid binding "DARPP: Allow ARP reply 000000-000002,10.0.0.2 port 2, vlan 1" 4. ARP response detected with an invalid binding "DARPP: Deny ARP reply 000000-000003,10.0.0.2 port 2, vlan 1"