Dynamic-Arp-Inspection - Cisco ASR 9000 Series Reference Manual

Point to Point Layer 2 Services Commands

dynamic-arp-inspection

To validate Address Resolution Protocol (ARP) packets in a network, use the dynamic-arp-inspection
command in the l2vpn bridge group bridge domain configuration mode. To disable dynamic ARP inspection,
use the no form of this command.
dynamic-arp-inspection {logging| address-validation {src-mac| dst-mac| ipv4}}
no dynamic-arp-inspection {logging| address-validation {src-mac| dst-mac| ipv4}}
Syntax Description
logging
address-validation
src-mac
dst-mac
ipv4
Command Default
Dynamic ARP inspection is disabled.
Command Modes
l2vpn bridge group bridge domain configuration
Command History
Release
Release 4.0.1
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task
IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator
for assistance.
Task ID
Task ID
l2vpn
(Optional) Enables logging.
When you use the logging option, the log messages indicate the interface
Note
on which the violation has occured along with the IP or MAC source of
the violation traffic. The log messages are rate limited at 1 message per
10 seconds.
Caution
(Optional) Performs address-validation.
Source MAC address in the Ethernet header.
Destination MAC address in the Ethernet header.
IP addresses in the ARP body.
Cisco ASR 9000 Series Aggregation Services Router VPN and Ethernet Services Command Reference, Release
Not all the violation events are recorded in the
syslog.
Modification
This command was introduced.
Operations
read, write

dynamic-arp-inspection

6.1.x
77