CHAPTER 25 | General Security Measures
ARP Inspection
ip arp inspection limit
This command sets a rate limit for the ARP packets received on a port. Use
the no form to restore the default setting.
SYNTAX
ip arp inspection limit {rate pps | none}
no ip arp inspection limit
pps - The maximum number of ARP packets that can be processed
by the CPU per second. (Range: 0-2048, where 0 means that no
ARP packets can be forwarded)
none - There is no limit on the number of ARP packets that can be
processed by the CPU.
DEFAULT SETTING
15
COMMAND MODE
Interface Configuration (Port, Static Aggregation)
COMMAND USAGE
◆ This command applies to both trusted and untrusted ports.
◆ When the rate of incoming ARP packets exceeds the configured limit,
the switch drops all ARP packets in excess of the limit.
EXAMPLE
Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection limit rate 150
Console(config-if)#
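The following sketch is an added example, not part of this manual or the switch firmware. It models the limit described above over ARP arrival times captured on one port, to show how many packets a given pps setting would drop and which setting would drop none. It assumes fixed one-second metering windows; the function names and sample timestamps are constructed for illustration.

```python
from collections import Counter

DEFAULT_PPS = 15             # default setting stated on this page
PPS_RANGE = range(0, 2049)   # valid range stated on this page: 0-2048

def parse_limit(value):
    """Return the pps limit as an int, or None for 'none' (unlimited)."""
    if value == "none":
        return None
    pps = int(value)
    if pps not in PPS_RANGE:
        raise ValueError(f"pps must be 0-2048, got {pps}")
    return pps

def apply_limit(timestamps, limit=DEFAULT_PPS):
    """Model the limit over ARP arrival times (seconds) seen on one port.

    Assumption: metering uses fixed one-second windows; the page only
    states that packets in excess of the limit are dropped.
    Returns (accepted, dropped, peak_pps).
    """
    per_second = Counter(int(t) for t in timestamps)
    peak = max(per_second.values(), default=0)
    if limit is None:                       # 'none': nothing is dropped
        return len(timestamps), 0, peak
    accepted = sum(min(n, limit) for n in per_second.values())
    return accepted, len(timestamps) - accepted, peak

def smallest_safe_limit(timestamps):
    """Lowest pps value that drops none of the observed ARP packets."""
    peak = apply_limit(timestamps, None)[2]
    if peak not in PPS_RANGE:
        raise ValueError("observed peak exceeds 2048 pps; only 'none' fits")
    return peak

# Constructed sample: 5 ARP packets per second for 3 seconds, plus a
# 40-packet burst during second 1.
SAMPLE = [s + i / 5 for s in range(3) for i in range(5)]
SAMPLE += [1 + i / 40 for i in range(40)]

if __name__ == "__main__":
    for setting in ("15", "150", "0", "none"):
        print(setting, apply_limit(SAMPLE, parse_limit(setting)))
    print("smallest safe limit:", smallest_safe_limit(SAMPLE))
```

Because the limit applies to trusted ports as well, the same check is worth running against traffic seen on uplinks before leaving them at the default.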
ip arp inspection trust
This command sets a port as trusted, and thus exempted from ARP
Inspection. Use the no form to restore the default setting.
SYNTAX
[no] ip arp inspection trust
DEFAULT SETTING
Untrusted
COMMAND MODE
Interface Configuration (Port, Static Aggregation)
COMMAND USAGE
Packets arriving on untrusted ports are subject to any configured ARP
Inspection and additional validation checks. Packets arriving on trusted
ports bypass all of these checks, and are forwarded according to normal
switching rules.