Ip Arp Inspection Limit; Ip Arp Inspection Trust - Edge-Core ECS2100-10T Reference Manual

ip arp inspection limit

ip arp inspection trust

This command sets a rate limit for the ARP packets received on a port. Use the no
form to restore the default setting.
Syntax
ip arp inspection limit {rate pps | none}
no ip arp inspection limit
pps - The maximum number of ARP packets that can be processed by the
CPU per second on trusted or untrusted ports. (Range: 0-2048, where 0
means that no ARP packets can be forwarded)
none - There is no limit on the number of ARP packets that can be
processed by the CPU.
Default Setting
15
Command Mode
Interface Configuration (Port, Static Aggregation)
Command Usage
◆
This command applies to both trusted and untrusted ports.
◆
When the rate of incoming ARP packets exceeds the configured limit, the
switch drops all ARP packets in excess of the limit.
Example
Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection limit rate 150
Console(config-if)#
This command sets a port as trusted, and thus exempted from ARP Inspection. Use
the no form to restore the default setting.
Syntax
[no] ip arp inspection trust
Default Setting
Untrusted
Command Mode
Interface Configuration (Port, Static Aggregation)
Command Usage
Packets arriving on untrusted ports are subject to any configured ARP Inspection
and additional validation checks. Packets arriving on trusted ports bypass all of
these checks, and are forwarded according to normal switching rules.
Chapter 9
– 311 –
| General Security Measures
ARP Inspection