Cisco Catalyst 4500 Series Software Configuration Manual page 1543

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 58
Configuring Dynamic ARP Inspection
To limit the rate of incoming ARP packets, perform this task:
Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# errdisable detect cause arp-inspection [action shutdown vlan]
Purpose: Enables per-VLAN error-disable detection.
Note: By default this command is enabled, and when a violation occurs the interface is shut down.

Step 3
Command: Switch(config)# interface interface-id
Purpose: Specifies the interface to be rate-limited, and enters interface configuration mode.

Step 4
Command: Switch(config-if)# [no] ip arp inspection limit {rate pps [burst interval seconds] | none}
Purpose: Limits the rate of incoming ARP requests and responses on the interface.
The default rate is 15 pps on untrusted interfaces and unlimited on trusted interfaces. The burst interval is 1 second.
The keywords have these meanings:
For rate pps, specify an upper limit for the number of incoming packets processed per second. The range is 0 to 2048 pps.
(Optional) For burst interval seconds, specify the consecutive interval in seconds, over which the interface is monitored for a high rate of ARP packets. The range is 1 to 15.
For rate none, specify no upper limit for the rate of incoming ARP packets that can be processed.

Step 5
Command: Switch(config-if)# exit
Purpose: Returns to global configuration mode.

Step 6
Command: Switch(config)# errdisable recovery {cause arp-inspection | interval interval}
Purpose: (Optional) Enables error recovery from the DAI error-disable state.
By default, recovery is disabled, and the recovery interval is 300 seconds.
For interval interval, specify the time in seconds to recover from the error-disable state. The range is 30 to 86400.

Step 7
Command: Switch(config)# exit
Purpose: Returns to privileged EXEC mode.

Step 8
Command: Switch# show ip arp inspection interfaces
Purpose: Verifies your settings.

Step 9
Command: Switch# show errdisable recovery
Purpose: Verifies your settings.

Step 10
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

To return to the default rate-limit configuration, use the no ip arp inspection limit interface configuration command. To disable error recovery for DAI, use the no errdisable recovery cause arp-inspection global configuration command.

This example shows how to set an upper limit for the number of incoming packets (100 pps) and to specify a burst interval (1 second):

SwitchB# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SwitchB(config)# interface g3/31
SwitchB(config-if)# ip arp inspection limit rate 100 burst interval 1
SwitchB(config-if)# exit
SwitchB(config)# errdisable recovery cause arp-inspection
SwitchB(config)# exit
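The following is an added example, not part of the Cisco guide: a small Python linter that checks a candidate configuration against the ranges given in the steps above and flags untrusted ports configured with rate none. The names audit and SAMPLE and the sample configuration are constructed for illustration; ip arp inspection trust is the IOS interface command that marks a port trusted and does not appear on this page.

```python
import re

RATE_PPS = range(0, 2049)            # page: rate pps is 0 to 2048
BURST_SECONDS = range(1, 16)         # page: burst interval is 1 to 15
RECOVERY_SECONDS = range(30, 86401)  # page: recovery interval is 30 to 86400
LIMIT = re.compile(r"ip arp inspection limit (?:(none)|rate (\d+)(?: burst interval (\d+))?)$")

def audit(config):
    """Return findings for the DAI rate-limit and recovery lines in a config text."""
    findings, iface, trusted, unlimited, recovery = [], None, set(), set(), False
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif raw[:1] not in (" ", "\t"):       # any other global line ends the block
            iface = None
            recovery |= line == "errdisable recovery cause arp-inspection"
            m = re.fullmatch(r"errdisable recovery interval (\d+)", line)
            if m and int(m.group(1)) not in RECOVERY_SECONDS:
                findings.append(f"global: recovery interval {m.group(1)} outside 30-86400")
        elif iface and line == "ip arp inspection trust":
            trusted.add(iface)
        elif iface and (m := LIMIT.match(line)):
            none, rate, burst = m.groups()
            if none:
                unlimited.add(iface)
            if rate and int(rate) not in RATE_PPS:
                findings.append(f"{iface}: rate {rate} pps outside 0-2048")
            if burst and int(burst) not in BURST_SECONDS:
                findings.append(f"{iface}: burst interval {burst} s outside 1-15")
    for name in sorted(unlimited - trusted):
        findings.append(f"{name}: untrusted port with no ARP rate limit")
    if not recovery:
        findings.append("global: errdisable recovery cause arp-inspection not enabled")
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE = """\
errdisable recovery interval 20
interface GigabitEthernet3/31
 ip arp inspection limit rate 100 burst interval 1
interface GigabitEthernet3/32
 ip arp inspection limit none
interface GigabitEthernet3/33
 ip arp inspection limit rate 4000 burst interval 30
interface GigabitEthernet3/48
 ip arp inspection trust
 ip arp inspection limit none
"""
print("\n".join(audit(SAMPLE)))
```

Interfaces with no limit line are treated as running the defaults stated above and produce no finding.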