Table of Contents
Advertisement
| General Security Measures
C
24
HAPTER
ARP Inspection
ip arp inspection
limit
ip arp inspection
trust
This command sets a rate limit for the ARP packets received on a port. Use
the no form to restore the default setting.
S
YNTAX
ip arp inspection limit {rate pps | none}
no ip arp inspection limit
pps - The maximum number of ARP packets that can be processed
by the CPU per second. (Range: 0-2048, where 0 means that no
ARP packets can be forwarded)
none - There is no limit on the number of ARP packets that can be
processed by the CPU.
D
S
EFAULT
ETTING
15
C
M
OMMAND
ODE
Interface Configuration (Port, Static Aggregation)
C
U
OMMAND
SAGE
This command applies to both trusted and untrusted ports.
◆
When the rate of incoming ARP packets exceeds the configured limit,
◆
the switch drops all ARP packets in excess of the limit.
E
XAMPLE
Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection limit rate 150
Console(config-if)#
This command sets a port as trusted, and thus exempted from ARP
Inspection. Use the no form to restore the default setting.
S
YNTAX
[no] ip arp inspection trust
D
S
EFAULT
ETTING
Untrusted
C
M
OMMAND
ODE
Interface Configuration (Port, Static Aggregation)
C
U
OMMAND
SAGE
Packets arriving on untrusted ports are subject to any configured ARP
Inspection and additional validation checks. Packets arriving on trusted
ports bypass all of these checks, and are forwarded according to normal
switching rules.
– 944 –
Advertisement
Chapters
Table of Contents
