Performing Dynamic Arp Inspection Validation Checks - Cisco Catalyst 2960-X Security Configuration Manual

Configuring Dynamic ARP Inspection
Command or Action
Step 5 exit
Step 6 Use the following commands:
• errdisable detect cause arp-inspection
• errdisable recovery cause
arp-inspection
• errdisable recovery interval interval For interval interval, specify the time in seconds to recover from the
Step 7 exit
Step 8 Use the following show commands:
• show ip arp inspection interfaces
• show errdisable recovery
Step 9
show running-config
Example:
Switch# show running-config
Step 10 copy running-config startup-config
Example:
Switch# copy running-config
startup-config

Performing Dynamic ARP Inspection Validation Checks

Dynamic ARP inspection intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.
You can configure the switch to perform additional checks on the destination MAC address, the sender and
target IP addresses, and the source MAC address.
Follow these steps to perform specific checks on incoming ARP packets. This procedure is optional.
OL-29048-01
Performing Dynamic ARP Inspection Validation Checks
Purpose
• (Optional) For burst intervalseconds, specify the consecutive
interval in seconds, over which the interface is monitored for a
high rate of ARP packets. The range is 1 to 15.
• For rate none, specify no upper limit for the rate of incoming
ARP packets that can be processed.
Returns to global configuration mode.
(Optional) Enables error recovery from the dynamic ARP inspection
error-disabled state, and configure the dynamic ARP inspection recover
mechanism variables.
By default, recovery is disabled, and the recovery interval is 300
seconds.
error-disabled state. The range is 30 to 86400.
Returns to privileged EXEC mode.
Verifies your settings.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
257