Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 Series Configuration Manual

Step 5
Command or Action: exit
Purpose: Returns to global configuration mode.

Step 6
Command or Action: ip arp inspection filter arp-acl-name vlan vlan-range [static]
Purpose: Applies ARP ACL to the VLAN. By default, no defined ARP ACLs are applied to any VLAN.
• For arp-acl-name, specify the name of the ACL created in Step 2.
• For vlan-range, specify the VLAN that the switches and hosts are in. You can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• (Optional) Specify static to treat implicit denies in the ARP ACL as explicit denies and to drop packets that do not match any previous clauses in the ACL. DHCP bindings are not used.
If you do not specify this keyword, it means that there is no explicit deny in the ACL that denies the packet, and DHCP bindings determine whether a packet is permitted or denied if the packet does not match any clauses in the ACL.
ARP packets containing only IP-to-MAC address bindings are compared against the ACL. Packets are permitted only if the access list permits them.

Step 7
Command or Action: interface interface-id
Purpose: Specifies Switch A interface that is connected to Switch B, and enters the interface configuration mode.

Step 8
Command or Action: no ip arp inspection trust
Purpose: Configures Switch A interface that is connected to Switch B as untrusted.
By default, all interfaces are untrusted.
For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination. The switch drops invalid packets and logs them in the log buffer according to the logging configuration specified with the ip arp inspection vlan logging global configuration command.

Step 9
Command or Action: end
Purpose: Returns to privileged EXEC mode.

Step 10
Command or Action: Use the following show commands:
• show arp access-list acl-name
• show ip arp inspection vlan vlan-range
• show ip arp inspection interfaces
Purpose: Verifies your entries.
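
The effect of the static keyword in Step 6 on an untrusted interface can be modeled in a few lines of Python. This is an added illustration, not Cisco code and not part of the original guide; the function names, addresses and bindings are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Clause:
    action: str  # "permit" or "deny"
    ip: str      # sender IP address in the ARP packet
    mac: str     # sender MAC address in the ARP packet

def inspect_arp(ip, mac, acl, dhcp_bindings, static=False):
    """Model the verdict for an ARP packet received on an untrusted interface."""
    mac = mac.lower()
    for clause in acl:  # first matching clause decides
        if clause.ip == ip and clause.mac.lower() == mac:
            if clause.action == "permit":
                return "forward", "permitted by ARP ACL"
            return "drop", "explicit deny in ARP ACL"
    if static:
        # Implicit deny is treated as explicit; DHCP bindings are not used.
        return "drop", "no ACL match (static)"
    # Without static, the DHCP snooping binding table decides.
    if dhcp_bindings.get(ip, "").lower() == mac:
        return "forward", "valid DHCP binding"
    return "drop", "no ACL match and no DHCP binding"

# Constructed sample data (hypothetical addresses, not from the guide).
ACL = [Clause("permit", "10.0.0.2", "0002.0002.0002")]  # statically addressed host
BINDINGS = {"10.0.0.50": "0050.0050.0050"}              # DHCP client learned by snooping
PACKETS = [
    ("10.0.0.2", "0002.0002.0002"),   # matches the permit clause
    ("10.0.0.50", "0050.0050.0050"),  # present only in the DHCP binding table
    ("10.0.0.2", "00aa.00aa.00aa"),   # wrong MAC for an ACL-protected IP
]

def compare_modes(packets=PACKETS, acl=ACL, bindings=BINDINGS):
    """Return {(ip, mac): (verdict without static, verdict with static)}."""
    return {
        (ip, mac): (inspect_arp(ip, mac, acl, bindings)[0],
                    inspect_arp(ip, mac, acl, bindings, static=True)[0])
        for ip, mac in packets
    }

if __name__ == "__main__":
    for (ip, mac), (dynamic, static) in compare_modes().items():
        print(f"{ip:<10} {mac}  no-static={dynamic:<8} static={static}")
```

The second sample packet shows the operational consequence: with static set, a DHCP client in the same VLAN has its ARP traffic dropped unless it is also listed in the ARP ACL.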

Configuring ARP ACLs for Non-DHCP Environments