Performing Dynamic Arp Inspection Validation Checks - Cisco Catalyst 2960 series Configuration Manual

Command or Action
Step 5 exit
Step 6 Use the following commands:
• errdisable detect cause arp-inspection
• errdisable recovery cause
arp-inspection
• errdisable recovery interval interval For interval interval, specify the time in seconds to recover from the
Step 7 exit
Step 8 Use the following show commands:
• show ip arp inspection interfaces
• show errdisable recovery
Step 9
show running-config
Example:
Switch# show running-config
Step 10 copy running-config startup-config
Example:
Switch# copy running-config
startup-config

Performing Dynamic ARP Inspection Validation Checks

Dynamic ARP inspection intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.
You can configure the switch to perform additional checks on the destination MAC address, the sender and
target IP addresses, and the source MAC address.
Follow these steps to perform specific checks on incoming ARP packets. This procedure is optional.
Purpose
• (Optional) For burst intervalseconds, specify the consecutive
• For rate none, specify no upper limit for the rate of incoming
Returns to global configuration mode.
(Optional) Enables error recovery from the dynamic ARP inspection
error-disabled state, and configure the dynamic ARP inspection recover
mechanism variables.
By default, recovery is disabled, and the recovery interval is 300
seconds.
error-disabled state. The range is 30 to 86400.
Returns to privileged EXEC mode.
Verifies your settings.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Performing Dynamic ARP Inspection Validation Checks
interval in seconds, over which the interface is monitored for a
high rate of ARP packets. The range is 1 to 15.
ARP packets that can be processed.
1313