Name: Cisco Catalyst 2960-XR
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

PurposeCommand or Action

•

For vlan-range, specify the VLAN that the switches and hosts are in. You can

specify a single VLAN identified by VLAN ID number, a range of VLANs

separated by a hyphen, or a series of VLANs separated by a comma. The range

is 1 to 4094.

•

(Optional) Specify static to treat implicit denies in the ARP ACL as explicit

denies and to drop packets that do not match any previous clauses in the ACL.

DHCP bindings are not used.

If you do not specify this keyword, it means that there is no explicit deny in the

ACL that denies the packet, and DHCP bindings determine whether a packet is

permitted or denied if the packet does not match any clauses in the ACL.

ARP packets containing only IP-to-MAC address bindings are compared against the

ACL. Packets are permitted only if the access list permits them.

Specify the Switch A interface that is connected to Switch B, and enter interface

configuration mode.

interface interface-id

Step 6

Configure the Switch A interface that is connected to Switch B as untrusted.no ip arp inspection trust

Step 7

By default, all interfaces are untrusted.

For untrusted interfaces, the switch intercepts all ARP requests and responses. It

verifies that the intercepted packets have valid IP-to-MAC address bindings before

updating the local cache and before forwarding the packet to the appropriate

destination. The switch drops invalid packets and logs them in the log buffer according

to the logging configuration specified with the ip arp inspection vlan logging global

configuration command. For more information, see the section, “Configuring the Log

Buffer."

Return to privileged EXEC mode.end

Step 8

Verify your entries.show arp access-list acl-name

show ip arp inspection vlan

Step 9

vlan-range show ip arp

inspection interfaces

(Optional) Save your entries in the configuration file.copy running-config

startup-config

Step 10

To remove the ARP ACL, use the no arp access-list global configuration command. To remove the ARP

ACL attached to a VLAN, use the no ip arp inspection filter arp-acl-name vlan vlan-range global

configuration command.

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1

204 OL-29434-01

Configuring Dynamic ARP Inspection

Configuring ARP ACLs for Non-DHCP Environments

Other manuals for Cisco Catalyst 2960-XR

Reference52 pages

Configuration Guide196 pages

Configuration Guides120 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 2960-XR and is the answer not in the manual?

Cisco Catalyst 2960-XR Specifications

General

Stacking Bandwidth	80 Gbps
Layer Support	Layer 2 and Layer 3
Jumbo Frame Support	9198 bytes
RAM	512 MB
Input Voltage	100-240V AC
Model	Catalyst 2960-XR
Uplink Interfaces	4 x 1G SFP or 2 x 10G SFP+
Downlink Interfaces	24 or 48 x Gigabit Ethernet ports
Power Supply	Internal
MAC Address Table Size	16, 000 entries
PoE	Available on PoE models
Weight	4.5 kg
Features	energy efficiency
Stacking	Up to 8 switches
Operating Temperature	0 to 45°C