Default
None.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to specify an ARP access list to be used for ARP inspection checks for the VLAN.
Up to one access list can be specified for a VLAN.
The dynamic ARP inspection checks the ARP packets received on the VLAN to verify that the binding
pair of the source IP and source MAC address of the packet is valid. The validation process will match
the address binding against the entries of the DHCP snooping database. If the command is
configured, the validation process will match the address binding against the access list entries and
the DHCP snooping database.
ARP ACLs take precedence over entries in the DHCP snooping binding database. If the packet is
explicitly denied by the access control list, the packet is dropped. If the packet is denied due to the
implicit deny, the packet will be further matched against the DHCP snooping binding entries if the
keyword “static” is not specified. The implicit denied packet is dropped if the keyword “static” is
specified.
Example
This example shows how to apply the ARP ACL static ARP list to VLAN 10 for DAI.
Switch# configure terminal
Switch(config)# ip arp inspection filter static-arp-list vlan 10
Switch(config)#
26-5 ip arp inspection limit
This command is used to limit the rate of incoming ARP requests and responses on an interface. Use
the no form of this command to revert to the default settings.
ip arp inspection limit {rate VALUE [burst interval SECONDS] | none}
no ip arp inspection limit
Parameters
(Optional) Specifies the length of the burst duration of the ARP
packets that is allowed. The valid range is from 1 to 15. If not
specified, the default setting is one second.
To Next Page
Loading...
