Administrator Guide
Layer 2 Switching Commands 380
ip arp inspection filter
Use the ip arp inspection filter command to configure the ARP ACL to be
used for a single VLAN or a range of VLANs to filter invalid ARP packets. If
the static keyword is given, packets that do not match a permit statement are
dropped without consulting the DHCP snooping bindings. Use the “no” form
of this command to unconfigure the ARP ACL.
Syntax
ip arp inspection filter
acl-name
vlan
vlan-range
[static]
no ip arp inspection filter
acl-name
vlan
vlan-range
[static]
•
acl-name
—The name of a valid ARP ACL. (Range: 1–31 characters)
•
vlan-range
—A list of VLAN identifiers. List separate, non-consecutive
VLAN IDs separated by commas (without spaces). Use a hyphen to
designate a range of IDs. (Range: 1–4093)
Default Configuration
No ARP ACL is configured.
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
console(config)#ip arp inspection filter tier1 vlan 2-10 static
console(config)#ip arp inspection filter tier1 vlan 20-30
ip arp inspection limit
Use the ip arp inspection limit command to configure the rate limit and
burst interval values for an interface.
Configuring none for the limit means the interface is not rate limited for
Dynamic ARP Inspection.
2CSNXXX_SWUM204.book Page 380 Monday, January 25, 2016 1:25 PM