Ip Arp Inspection Limit - Cisco Catalyst 3750 Command Reference Manual

ip arp inspection limit

You should configure trunk ports with higher rates to reflect their aggregation. When the rate of
incoming packets exceeds the user-configured rate, the switch places the interface into an error-disabled
state. The error-disable recovery feature automatically removes the port from the error-disabled state
according to the recovery setting.
The rate limit is calculated separately on each switch in a switch stack. For a cross-stack EtherChannel,
this means that the actual rate limit might be higher than the configured value. For example, if you set
the rate limit to 30 pps on an EtherChannel that has one port on switch 1 and one port on switch 2, each
port can receive packets at 29 pps without causing the EtherChannel to become error-disabled.
The rate of incoming ARP packets on EtherChannel ports is equal to the sum of the incoming rate of
packets from all channel members. Configure the rate limit for EtherChannel ports only after examining
the rate of incoming ARP packets on the channel members.
Examples
This example shows how to limit the rate of incoming ARP requests on a port to 25 pps and to set the
interface monitoring interval to 5 consecutive seconds:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip arp inspection limit rate 25 burst interval 5
You can verify your settings by entering the show ip arp inspection interfaces interface-id privileged
EXEC command.
Related Commands Command
show ip arp inspection
interfaces
Catalyst 3750 Switch Command Reference
2-120
Description
Displays the trust state and the rate limit of ARP packets for the specified
interface or all interfaces.
Chapter 2 Catalyst 3750 Switch Cisco IOS Commands
78-16181-03