Administrator Guide

Snooping and Inspecting Traffic
Command: arp access-list acl-name
Purpose: Create an ARP ACL with the specified name (1–31 characters) and enter ARP Access-list Configuration mode for the ACL.

Command: permit ip host sender-ip mac host sender-mac
Purpose: Configure a rule for a valid IP address and MAC address combination used in ARP packet validation.
    sender-ip — Valid IP address used by a host.
    sender-mac — Valid MAC address in combination with the above sender-ip used by a host.

Command: exit
Purpose: Exit to Global Config mode.

Command: ip arp inspection filter acl-name vlan vlan-range [static]
Purpose: Configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. Use the static keyword to indicate that packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.

Command: interface interface
Purpose: Enter interface configuration mode for the specified port or LAG. The interface variable includes the interface type and number, for example tengigabitethernet 1/0/3. For a LAG, the interface type is port-channel. A range of ports can be specified using the interface range command. For example, interface range tengigabitethernet 1/0/8-12 configures interfaces 8, 9, 10, 11, and 12.

Command: ip arp inspection limit {none | rate pps [burst interval seconds]}
Purpose: Configure the rate limit and burst interval values for an interface. Use the keyword none to specify that the interface is not rate limited for Dynamic ARP Inspection.
    none — To set no rate limit.
    pps — Packets per second (Range: 0–300).
    seconds — The number of seconds (Range: 1–15).

Command: ip arp inspection trust
Purpose: Specify that the interface is trusted for Dynamic ARP Inspection.

Command: CTRL + Z
Purpose: Exit to Privileged EXEC mode.

Command: show ip arp inspection interfaces [interface]
Purpose: View the Dynamic ARP Inspection configuration on all the DAI-enabled interfaces or for the specified interface.
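The effect of the static keyword on ip arp inspection filter is easiest to see as a per-packet decision. The following Python model is an added example, not code from this guide or from the switch firmware; the class and function names, the sample addresses, and the trusted-port shortcut (general DAI behaviour, not stated in the table) are assumptions.

```python
from dataclasses import dataclass, field

def norm_mac(mac):
    """Reduce 00:11:22:AA:BB:CC or 0011.22aa.bbcc to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c not in ".:-")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass
class VlanPolicy:
    static: bool = False                        # [static] keyword on the filter command
    acl: set = field(default_factory=set)       # permit ip host <ip> mac host <mac> rules
    bindings: set = field(default_factory=set)  # DHCP snooping bindings for the VLAN

def inspect(policy, sender_ip, sender_mac, trusted=False):
    """Return the verdict for one ARP packet's sender IP/MAC pair."""
    if trusted:
        # Assumption (general DAI behaviour): trusted ports are not inspected.
        return "forward: trusted interface"
    pair = (sender_ip, norm_mac(sender_mac))
    if pair in policy.acl:
        return "forward: ARP ACL permit"
    if policy.static:
        # static: a miss in the ACL is final, the bindings are never consulted.
        return "drop: no ACL permit, static filter"
    if pair in policy.bindings:
        return "forward: DHCP snooping binding"
    return "drop: no ACL permit and no binding"

def demo(static):
    # Constructed sample data (documentation address range, made-up MACs).
    policy = VlanPolicy(static=static)
    policy.acl.add(("192.0.2.10", norm_mac("00:11:22:33:44:55")))    # static server
    policy.bindings.add(("192.0.2.50", norm_mac("0011.22AA.BB01")))  # DHCP client
    packets = [
        ("192.0.2.10", "0011.2233.4455"),     # server, matches the ACL rule
        ("192.0.2.50", "00-11-22-aa-bb-01"),  # DHCP client, only in the bindings
        ("192.0.2.10", "00:11:22:de:ad:01"),  # server IP claimed with a different MAC
    ]
    return [inspect(policy, ip, mac) for ip, mac in packets]

if __name__ == "__main__":
    for static in (False, True):
        print("static" if static else "non-static", demo(static))
```

With static set, the DHCP client that is valid in the snooping bindings is dropped as well, so every legitimate host on the VLAN needs its own permit rule before the keyword is applied.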