786 Snooping and Inspecting Traffic
ip arp inspection filter
acl-name
vlan
vlan-range
[static]
Configure the ARP ACL to be used for a single VLAN or a
range of VLANs to filter invalid ARP packets.
Use the static keyword to indicate that packets that do not
match a permit statement are dropped without consulting
the DHCP snooping bindings.
interface
interface
Enter interface configuration mode for the specified port
or LAG. The
interface
variable includes the interface type
and number, for example tengigabitethernet 1/0/3. For a
LAG, the interface type is port-channel.
You can also specify a range of ports with the interface
range command, for example, interface range
tengigabitethernet 1/0/8-12 configures interfaces 8, 9, 10,
11, and 12.
ip arp inspection limit
{none | rate
pps
[burst
interval
seconds
]}
Configure the rate limit and burst interval values for an
interface.Use the keyword none to specify that the
interface is not rate limited for Dynamic ARP Inspection.
•
none
— To set no rate limit.
•
pps
— Packets per second (Range: 0–300).
•
seconds
— The number of seconds (Range: 1–15).
ip arp inspection trust Specify that the interface as trusted for Dynamic ARP
Inspection.
CTRL + Z Exit to Privileged EXEC mode.
show ip arp inspection
interfaces [
interface
]
View the Dynamic ARP Inspection configuration on all
the DAI-enabled interfaces or for the specified interface.
show ip arp inspection
vlan [
vlan-range
]
View the Dynamic ARP Inspection configuration on the
specified VLAN(s).
This command also displays the global configuration
values for source MAC validation, destination MAC
validation and invalid IP validation.
show ip arp inspection
statistics [vlan
vlan-
range
]
View the statistics of the ARP packets processed by
Dynamic ARP Inspection for the switch or for the
specified VLAN(s).
show arp access-list [
acl-
name
]
View all configured ARP ACL and their rules, or use the
ACL name to view information about that ARP ACL only.
Command Purpose
To Next Page
Loading...
