Ip Arp Inspection Limit - Cisco Catalyst 3750 Metro Command Reference Manual

ip arp inspection limit
Use the ip arp inspection limit interface configuration command on the switch to limit the rate of
incoming Address Resolution Protocol (ARP) requests and responses on an interface. It prevents
dynamic ARP inspection from using all of the switch resources if a denial-of-service attack occurs. Use
the no form of this command to return to the default settings.
This command is available only if your switch is running the enhanced multilayer image (EMI).
ip arp inspection limit {rate pps [burst interval seconds] | none}
no ip arp inspection limit

Syntax Description
rate pps                 Specify an upper limit for the number of incoming packets processed per
                         second. The range is 0 to 2048 packets per second (pps).
burst interval seconds   (Optional) Specify the consecutive interval in seconds, over which the
                         interface is monitored for a high rate of ARP packets. The range is 1 to 15
                         seconds.
none                     Specify no upper limit for the rate of incoming ARP packets that can be
                         processed.

Defaults
The rate is 15 pps on untrusted interfaces, assuming that the network is a switched network with a host
connecting to as many as 15 new hosts per second.
The rate is unlimited on all trusted interfaces.
The burst interval is 1 second.

Command Modes
Interface configuration

Command History
Release       Modification
12.2(25)EY    This command was introduced.

Usage Guidelines
The rate applies to both trusted and untrusted interfaces. Configure appropriate rates on trunks to process
packets across multiple dynamic ARP inspection-enabled VLANs, or use the none keyword to make the
rate unlimited.
After a switch receives more than the configured rate of packets every second consecutively over a
number of burst seconds, the interface is placed into an error-disabled state.
Unless you explicitly configure a rate limit on an interface, changing the trust state of the interface also
changes its rate limit to the default value for that trust state. After you configure the rate limit, the
interface retains the rate limit even when its trust state is changed. If you enter the no ip arp inspection
limit interface configuration command, the interface reverts to its default rate limit.
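
The following Python model is an added example, not Cisco code and not part of the original manual. It applies the rate, burst interval, and default rules exactly as this page states them, so that per-second ARP counts observed on a port can be checked against a candidate setting before it is configured. The names ArpLimit, default_limit, effective_limit and errdisable_second and the SAMPLE counts are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

DEFAULT_UNTRUSTED_PPS = 15  # page default for untrusted interfaces
DEFAULT_BURST_SECONDS = 1   # page default burst interval


@dataclass
class ArpLimit:
    rate: Optional[int]                # None models the "none" keyword (unlimited)
    burst: int = DEFAULT_BURST_SECONDS

    def __post_init__(self) -> None:
        # Ranges taken from the syntax description on this page.
        if self.rate is not None and not 0 <= self.rate <= 2048:
            raise ValueError("rate must be 0 to 2048 pps")
        if not 1 <= self.burst <= 15:
            raise ValueError("burst interval must be 1 to 15 seconds")


def default_limit(trusted: bool) -> ArpLimit:
    """Default limit for a trust state: unlimited if trusted, else 15 pps."""
    return ArpLimit(None if trusted else DEFAULT_UNTRUSTED_PPS)


def effective_limit(trusted: bool, explicit: Optional[ArpLimit] = None) -> ArpLimit:
    """An explicitly configured limit survives trust changes; otherwise the
    limit follows the default for the current trust state."""
    return explicit if explicit is not None else default_limit(trusted)


def errdisable_second(counts: Sequence[int], limit: ArpLimit) -> Optional[int]:
    """Return the 1-based second at which the port would be error-disabled
    (rate exceeded in `burst` consecutive seconds), or None if it never is."""
    if limit.rate is None:
        return None
    streak = 0
    for second, packets in enumerate(counts, start=1):
        streak = streak + 1 if packets > limit.rate else 0
        if streak >= limit.burst:
            return second
    return None


# Constructed per-second ARP packet counts for one port (not captured data).
SAMPLE = [10, 40, 12, 30, 35, 38, 9]

if __name__ == "__main__":
    for lim in (default_limit(False), ArpLimit(25, 3), ArpLimit(25, 4)):
        print(lim, "->", errdisable_second(SAMPLE, lim))
```

With the constructed counts, the default untrusted limit trips on the first spike, while a burst interval longer than the sustained spike never trips.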
Chapter 2: Catalyst 3750 Metro Switch Cisco IOS Commands (OL-9645-10)
