Users Guide
Layer 2 Switching Commands 382
Default Configuration
Interfaces are configured as untrusted by default.
Command Mode
Interface Configuration (gigabitethernet, port-channel, tengigabitethernet,
fortygigabitethernet) mode
User Guidelines
ARP responses received on a trusted interface are not checked against the
DHCP snooping bindings. They are entered into the ARP cache without
filtering.
Example
console(config-if-Gi1/0/3)#ip arp inspection trust
ip arp inspection validate
Use the ip arp inspection validate command to enable additional validation
checks on received ARP packets.
Syntax
ip arp inspection validate {[src-mac] [dst-mac] [ip]}
no ip arp inspection validate {[src-mac] [dst-mac] [ip]}
• src-mac
—
For validating the source MAC address of an ARP packet.
• dst-mac
—
For validating the destination MAC address of an ARP packet.
• ip
—
For validating the IP address of an ARP packet.
Default Configuration
There is no additional validation enabled by default.
Command Mode
Global Configuration mode