2-141
Catalyst 3550 Multilayer Switch Command Reference
OL-8566-02
Chapter 2      Catalyst 3550 Switch Cisco IOS Commands
ip arp inspection trust
ip arp inspection trust
Use the ip arp inspection trust interface configuration command to configure an interface trust state 
that determines which incoming Address Resolution Protocol (ARP) packets are inspected. Use the no 
form of this command to return to the default setting.
ip arp inspection trust 
no ip arp inspection trust
This command is available only if your switch is running the IP services image, formerly known as the 
enhanced multilayer image (EMI).
Syntax Description This command has no arguments or keywords.
Defaults The interface is untrusted.
Command Modes Interface configuration
Command History
Usage Guidelines The switch does not check ARP packets that it receives on the trusted interface; it simply forwards the 
packets.
For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the 
intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before 
forwarding the packet to the appropriate destination. The switch drops invalid packets and logs them in 
the log buffer according to the logging configuration specified with the ip arp inspection vlan logging 
global configuration command.
Examples This example shows how to configure a port to be trusted:
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# ip arp inspection trust 
You can verify your setting by entering the show ip arp inspection interfaces interface-id privileged 
EXEC command.
Release Modification
12.2(25)SEA This command was introduced.