Port Channels Function - Cisco Catalyst 4500 series Administration Manual

Chapter 52
Configuring Dynamic ARP Inspection

Port Channels Function

A given physical port can join a channel only when the trust state of the physical port and of the channel
match. Otherwise, the physical port remains suspended in the channel. A channel inherits its trust state
from the first physical port that joined the channel. Consequently, the trust state of the first physical port
need not match the trust state of the channel.

Conversely, when the trust state is changed on the channel, the new trust state is configured on all the
physical ports that comprise the channel.

The rate limit check on port channels is unique. The rate of incoming packets on a physical port is
checked against the port channel configuration rather than the physical ports' configuration.

The rate limit configuration on a port channel is independent of the configuration on its physical ports.
The rate limit is cumulative across all physical ports; that is, the rate of incoming packets on a port
channel equals the sum of rates across all physical ports.

When you configure rate limits for ARP packets on trunks, you must account for VLAN aggregation
because a high rate limit on one VLAN can cause a denial of service attack to other VLANs when the
port is error-disabled by software. Similarly, when a port channel is error-disabled, a high rate limit on
one physical port can cause other ports in the channel to go down.
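
The aggregate check and its collateral effect, as an added example that is not part of the Cisco guide: a simplified Python model (one-second windows, no burst interval) in which `evaluate_channel_limit`, the port names and the counters are constructed for illustration. It reports the first second in which the summed ARP rate of the member ports exceeds the channel limit, the largest contributor, and which other ports and VLANs go down with it.

```python
from collections import defaultdict

# Constructed sample: per-second ARP counters as (second, port, vlan, packets).
MEMBERS = {"Gi1/1", "Gi1/2", "Gi1/3"}
SAMPLES = [
    (0, "Gi1/1", 100, 6), (0, "Gi1/2", 100, 5), (0, "Gi1/3", 200, 3),
    (1, "Gi1/1", 100, 6), (1, "Gi1/2", 100, 5), (1, "Gi1/3", 200, 3),
    (2, "Gi1/1", 100, 40), (2, "Gi1/2", 100, 5), (2, "Gi1/3", 200, 3),
]

def evaluate_channel_limit(samples, members, limit_pps):
    """Return details of the first one-second window in which the summed ARP
    rate of all member ports exceeds limit_pps, or None if it never does."""
    per_second = defaultdict(lambda: defaultdict(int))
    vlans = set()
    for second, port, vlan, packets in samples:
        if port in members:  # only member ports count toward the channel
            per_second[second][(port, vlan)] += packets
            vlans.add(vlan)
    for second in sorted(per_second):
        flows = per_second[second]
        total = sum(flows.values())  # cumulative across all physical ports
        if total > limit_pps:
            top = max(flows, key=flows.get)
            return {
                "second": second,
                "channel_pps": total,
                "top_source": top,
                "top_source_pps": flows[top],
                # Error-disabling the channel takes down every member port and
                # every VLAN carried on it, not only the noisy source.
                "collateral_ports": sorted(set(members) - {top[0]}),
                "vlans_down": sorted(vlans),
            }
    return None

if __name__ == "__main__":
    for limit in (50, 15, 10):
        print(limit, evaluate_channel_limit(SAMPLES, MEMBERS, limit))
```

With a limit of 10 the channel trips in second 0 even though no single member port sends more than 6 packets, because the check is made against the sum.
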

Configuring Dynamic ARP Inspection

These sections describe how to configure DAI on your switch:

Configuring Dynamic ARP Inspection in DHCP Environments (required)
DAI Configuration Example
Configuring ARP ACLs for Non-DHCP Environments (optional)
Configuring the Log Buffer (optional)
Limiting the Rate of Incoming ARP Packets (optional)
Performing Validation Checks (optional)

Configuring Dynamic ARP Inspection in DHCP Environments

This procedure shows how to configure dynamic ARP inspection when two switches support this feature.
Host 1 is connected to Switch A, and Host 2 is connected to Switch B as shown in Figure 52-3. Both
switches are running DAI on VLAN 100 where the hosts are located. A DHCP server is connected to
Switch A. Both hosts acquire their IP addresses from the same DHCP server. Switch A has the bindings
for Host 1, and Switch B has the bindings for Host 2.

Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E (OL_28731-01)
