38-10
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 38 Configuring Dynamic ARP Inspection
Configuring DAI
To configure ARP packet rate limiting on a port, perform this task:
When configuring ARP packet rate limiting, note the following information:
• The default rate is 15 pps on untrusted interfaces and unlimited on trusted interfaces.
• For rate pps, specify an upper limit for the number of incoming packets processed per second. The
range is 0 to 2048 pps.
• The rate none keywords specify that there is no upper limit for the rate of incoming ARP packets
that can be processed.
• (Optional) For burst interval seconds (default is 1), specify the consecutive interval, in seconds,
over which the interface is monitored for a high rate of ARP packets.The range is 1 to 15.
• When the rate of incoming ARP packets exceeds the configured limit, the router places the port in
the error-disabled state. The port remains in the error-disabled state until you enable error-disabled
recovery, which allows the port to emerge from the error-disabled state after a specified timeout
period.
• Unless you configure a rate-limiting value on an interface, changing the trust state of the interface
also changes its rate-limiting value to the default value for the configured trust state. After you
configure the rate-limiting value, the interface retains the rate-limiting value even when you change
its trust state. If you enter the no ip arp inspection limit interface configuration command, the
interface reverts to its default rate-limiting value.
• For configuration guidelines about limiting the rate of incoming ARP packets on trunk ports and
EtherChannel ports, see the “DAI Configuration Guidelines and Restrictions” section on page 38-6.
This example shows how to configure ARP packet rate limiting on Fast Ethernet port 5/14:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface fastethernet 5/14
Router(config-if)# ip arp inspection limit rate 20 burst interval 2
Router(config-if)# do show ip arp inspection interfaces | include Int|--|5/14
Interface Trust State Rate (pps) Burst Interval
--------------- ----------- ---------- --------------
Fa5/14 Untrusted 20 2
Command Purpose
Step 1
Router# configure terminal
Enters global configuration mode.
Step 2
Router(config)# interface {
type
1
slot/port
|
port-channel
number
}
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Selects the interface to be configured.
Step 3
Router(config-if)# ip arp inspection limit {rate
pps
[burst interval
seconds
] | none}
(Optional) Configures ARP packet rate limiting.
Router(config-if)# no ip arp inspection limit
Clears the ARP packet rate-limiting configuration.
Step 4
Router(config-if)# do show ip arp inspection
interfaces
Verifies the configuration.
To Next Page
Loading...
