Protocols DAI
The protocols DAI member has the following attributes:
.png?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kemY4dnF2MjRlcWhnLmNsb3VkZnJvbnQubmV0L3VzZXJmaWxlcy80MTcwMy81NDk1Mi9ja2ZpbmRlci9pbWFnZXMvcXUvMjAyNS9pbWFnZSgxMykucG5nIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzYyMDg5ODU1fX19XX0_&Signature=J9aEYR-PiCXk7bB5NIYVdctZfylbywKnMXrUyKAirpsgnb7Iplcmc~rNW8hc2vfxfQsj-rdWZrT8Nyii9tJFd3J35A3rYDgBSUkIDf4xRsmFSX1eGYwkZafDXAqXOI5lhCmTIqAoX25GdNHpbmOY1r80kdk2AR5nBW1Px-FdtIK5abxjjSjAmvT1iRZ8vkrrU2AEI~tc~HRj2agYnRj5pPMbl7lJbcif0Ln5VoFg9BoGrIUd6q2OFx3JPsUA8Jzez8VhKDsiD1ZxkjG4zhuWi~cnnpT4OCe4ebz7CP45k0vquDMnnPuqEBVl~btq-cTSCXCZqDo4kZ~19sjvUJVVwQ__&Key-Pair-Id=K2TK3EG287XSFC)
DAI Profile Attributes
| Attribute | Values | Default | Req | Description |
|---|---|---|---|---|
| Admin-state | enabled | disabled | Disabled | Y | Whether to perform DAI checks on all vlans configured with dai enabled. Both the global admin state must be enabled and dai set to true on the vlan. |
| Logging-admin-state | enabled | disabled | Enabled | N | Whether to log DAI events to syslog. |
| Logging-type | dai-log-all | dai-log-deny | dai-log-permit |
Dai-log-deny | N | Dai-log-deny is the default and will only log ARPs that are denied due to violating one of the ARP checks. dai-log-all will log ALL arps both permitted and denied. This should only be used in very specific debug cases. Logging permits would often log hundreds of arps per second into the logs. dai-log-permit – Log all permitted arps but not denied arps. Useful only for debugging. |
| Destination-mac-check | true | false | True | N | Ensures that the destination MAC of the Ethernet Header agrees with the target MAC in the ARP body of ARP responses. Should typically be enabled. |
| Source-mac-check | true | false | True | N | Verifies that ARP header and body have the same source MAC address in both ARP requests and ARP responses. Should typically be enabled. |
| Arp-ip-check | true | false | True | N | Ensures that the IP address is a valid IP address will exclude all Multicast Address, all FFs or all zeroes. IP is checked in all ARP requests and responses. Should typically be enabled. |
| Ip-source-protect | true | false | True | N | Ensures that the IP address is a valid IP address will exclude all Multicast Address, all FFs or all zeroes. IP is checked in all ARP |
Note: * = required parameter
- Command Path – tolt>protocols >dai>config>
- Module – tolt
- Container – protocols
- Container – dai
- Container – config
- Types –
- *Admin-state – Whether to perform DAI checks on all vlans configured with dai enabled. Both the global admin state must be enabled and dai set to true on the vlan.
- enabled | disabled (default)
- Logging-admin-state – Whether to log DAI events to syslog.
- enabled (default) | disabled
- Logging-type – Dai-log-deny is the default and will only log ARPs that are denied due to violating one of the ARP checks.
dai-log-all will log ALL arps both permitted and denied. This should only be used in very specific debug cases. Logging permits would often log hundreds of arps per second into the logs.
dai-log-permit – Log all permitted arps but not denied arps. Useful only for debugging.- dai-log-all | dai-log-deny (default) | dai-log-permit
- Destination-mac-check – Ensures that the destination MAC of the Ethernet Header agrees with the target MAC in the ARP body of ARP responses. Should typically be enabled.
- true (default) | false
- Source-mac-check – Verifies that ARP header and body have the same source MAC address in both ARP requests and ARP responses. Should typically be enabled..
- true (default) | false
- Arp-ip-check – Ensures that the IP address is a valid IP address will exclude all Multicast Address, all FFs or all zeroes. IP is checked in all ARP requests and responses. Should typically be enabled.
- true (default) | false
- Ip-source-protect – If desired, you can add source IP protection. If this feature is enabled, once the Source IP is bound, it will drop all packets that do not match the source IP to MAC binding learned from DHCP.
- true (default) | false
- *Admin-state – Whether to perform DAI checks on all vlans configured with dai enabled. Both the global admin state must be enabled and dai set to true on the vlan.
Enable DAI Example
- Module – tolt
- Container – protocols
- Container – dai
- Container – config
- Type – Example Parameter
- admin-state enabled
- From the MDS1-ESUA<Config># command line, input tolt protocols dai config admin-state enabled and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA<Config># tolt protocols dai config admin-state enabled <enter> MDS1-ESUA<Config># commit <enter> commit complete MDS1-ESUA<Config># _
Disable DAI Example
- Command Path – tolt>protocols >dai>config>
- Module – tolt
- Container – protocols
- Container – dai
- Container – config
- Type – Example Parameter
- admin-state disabled
- From the MDS1-ESUA<Config># command line, input tolt protocols dai config admin-state disabled and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA<Config># tolt protocols dai config admin-state disabled <enter> MDS1-ESUA<Config># commit <enter> commit complete MDS1-ESUA<Config># _
Enable DAI Logging
- Command Path – tolt>protocols >dai>config>
- Module – tolt
- Container – protocols
- Container – dai
- Container – config
- Type – Example Parameter
- logging-admin-state enabled
- From the MDS1-ESUA<Config># command line, input tolt protocols dai config logging-admin-state enabled and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA<Config># tolt protocols dai config logging-admin-state enabled <enter> MDS1-ESUA<Config># commit <enter> commit complete MDS1-ESUA<Config># _
FEEDBACK: Are you happy with this material?
Thank you Your feedback helps us to continually improve our content.