Limiting The Rate Of Incoming Arp Packets - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Command or Action
Step 13
configure terminal
Example:
Switch# configure terminal
Limiting the Rate of Incoming ARP Packets
The switch CPU performs dynamic ARP inspection validation checks; therefore, the number of incoming
ARP packets is rate-limited to prevent a denial- of-service attack.
When the rate of incoming ARP packets exceeds the configured limit, the switch places the port in the
error-disabled state. The port remains in that state until you enable error-disabled recovery so that ports
automatically emerge from this state after a specified timeout period.
Unless you configure a rate limit on an interface, changing the trust state of the interface also changes its
Note
rate limit to the default value for that trust state. After you configure the rate limit, the interface retains
the rate limit even when its trust state is changed. If you enter the no ip arp inspection limit interface
configuration command, the interface reverts to its default rate limit.
Follow these steps to limit the rate of incoming ARP packets. This procedure is optional.
Purpose
Enters the global configuration mode.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Limiting the Rate of Incoming ARP Packets
1311
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
